Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-21536
Vulnerability from cvelistv5
Published
2024-10-19 05:00
Modified
2024-10-21 16:31
Severity ?
EPSS score ?
Summary
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | http-proxy-middleware |
Version: 0 ≤ Version: 3.0.0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "http-proxy-middleware",
"vendor": "chimurai",
"versions": [
{
"lessThan": "2.0.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21536",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T15:20:45.568615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:31:29.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "http-proxy-middleware",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.0.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marc Hassan"
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T11:22:36.064Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
},
{
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2024-21536",
"datePublished": "2024-10-19T05:00:04.056Z",
"dateReserved": "2023-12-22T12:33:20.123Z",
"dateUpdated": "2024-10-21T16:31:29.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-21536\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2024-10-19T05:15:13.097\",\"lastModified\":\"2024-11-01T18:03:15.897\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.\"},{\"lang\":\"es\",\"value\":\"Las versiones del paquete http-proxy-middleware anteriores a la 2.0.7, a la 3.0.0 y a la 3.0.3 es vulnerable a un ataque de denegaci\u00f3n de servicio (DoS) debido a un error UnhandledPromiseRejection generado por micromatch. Un atacante podr\u00eda matar el proceso Node.js y bloquear el servidor al realizar solicitudes a determinadas rutas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.7\",\"matchCriteriaId\":\"A1C31D2C-0CB7-4D28-8658-42632A65F7F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.3\",\"matchCriteriaId\":\"A89EB4F5-1978-4172-A52D-8504F87E110E\"}]}]}],\"references\":[{\"url\":\"https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
rhsa-2024_11256
Vulnerability from csaf_redhat
Published
2024-12-17 11:08
Modified
2024-12-19 16:17
Summary
Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1
Notes
Topic
Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate
Details
Red Hat Trusted Profile Analyzer 1.2.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Trusted Profile Analyzer 1.2.1",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:11256",
"url": "https://access.redhat.com/errata/RHSA-2024:11256"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1865",
"url": "https://issues.redhat.com/browse/TC-1865"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1873",
"url": "https://issues.redhat.com/browse/TC-1873"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1880",
"url": "https://issues.redhat.com/browse/TC-1880"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1892",
"url": "https://issues.redhat.com/browse/TC-1892"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1928",
"url": "https://issues.redhat.com/browse/TC-1928"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1947",
"url": "https://issues.redhat.com/browse/TC-1947"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1970",
"url": "https://issues.redhat.com/browse/TC-1970"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1868",
"url": "https://issues.redhat.com/browse/TC-1868"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1937",
"url": "https://issues.redhat.com/browse/TC-1937"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1795",
"url": "https://issues.redhat.com/browse/TC-1795"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1824",
"url": "https://issues.redhat.com/browse/TC-1824"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1870",
"url": "https://issues.redhat.com/browse/TC-1870"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11256.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1",
"tracking": {
"current_release_date": "2024-12-19T16:17:53+00:00",
"generator": {
"date": "2024-12-19T16:17:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:11256",
"initial_release_date": "2024-12-17T11:08:00+00:00",
"revision_history": [
{
"date": "2024-12-17T11:08:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-17T11:08:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-19T16:17:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Profile Analyzer 1.2",
"product": {
"name": "Red Hat Trusted Profile Analyzer 1.2",
"product_id": "Red Hat Trusted Profile Analyzer 1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Profile Analyzer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64",
"product": {
"name": "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64",
"product_id": "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtpa-guac-rhel9@sha256%3A9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30?arch=amd64\u0026repository_url=registry.redhat.io/rhtpa\u0026tag=1.2.1-1733575106"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64 as a component of Red Hat Trusted Profile Analyzer 1.2",
"product_id": "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
},
"product_reference": "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64",
"relates_to_product_reference": "Red Hat Trusted Profile Analyzer 1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-19T01:20:29.981665+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313454"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf: StackOverflow vulnerability in Protocol Buffers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack\u0027s capacity, causing the application to crash or become unresponsive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-7254"
},
{
"category": "external",
"summary": "RHBZ#2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa",
"url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
}
],
"release_date": "2024-09-19T01:15:10.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T11:08:00+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11256"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobuf: StackOverflow vulnerability in Protocol Buffers"
},
{
"cve": "CVE-2024-21536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-19T06:00:36.846953+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2319884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "RHBZ#2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"release_date": "2024-10-19T05:00:04.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T11:08:00+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11256"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any mitigation recommendations at this time.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Denial of Service"
},
{
"cve": "CVE-2024-21538",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-11-08T13:44:29.182678+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2324550"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cross-spawn: regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "RHBZ#2324550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/pull/160",
"url": "https://github.com/moxystudio/node-cross-spawn/pull/160"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230",
"url": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230"
}
],
"release_date": "2024-11-08T05:00:04.695000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T11:08:00+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cross-spawn: regular expression denial of service"
}
]
}
rhsa-2024_10917
Vulnerability from csaf_redhat
Published
2024-12-10 11:04
Modified
2024-12-20 18:56
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release
Notes
Topic
A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released
Details
Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:10917",
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10917.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release",
"tracking": {
"current_release_date": "2024-12-20T18:56:50+00:00",
"generator": {
"date": "2024-12-20T18:56:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:10917",
"initial_release_date": "2024-12-10T11:04:35+00:00",
"revision_history": [
{
"date": "2024-12-10T11:04:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-10T11:04:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-20T18:56:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.4",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256%3Ae65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Afdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Abf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Aaebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Af2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Af454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Af6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Af5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-19T06:00:36.846953+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2319884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "RHBZ#2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"release_date": "2024-10-19T05:00:04.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any mitigation recommendations at this time.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Denial of Service"
},
{
"cve": "CVE-2024-43796",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:28.106254+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: Improper Input Handling in Express Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43796"
},
{
"category": "external",
"summary": "RHBZ#2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
"url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
}
],
"release_date": "2024-09-10T15:15:17.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: Improper Input Handling in Express Redirects"
},
{
"cve": "CVE-2024-43799",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:30.869487+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311153"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "send: Code Execution Vulnerability in Send Library",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "RHBZ#2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
"url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
"url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
}
],
"release_date": "2024-09-10T15:15:17.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "send: Code Execution Vulnerability in Send Library"
},
{
"cve": "CVE-2024-43800",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:33.631718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "serve-static: Improper Sanitization in serve-static",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43800"
},
{
"category": "external",
"summary": "RHBZ#2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
"url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
"url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
"url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
}
],
"release_date": "2024-09-10T15:15:17.937000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "serve-static: Improper Sanitization in serve-static"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
},
{
"cve": "CVE-2024-45811",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-09-17T20:00:49.944925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312930"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import\u0026raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vite: server.fs.deny is bypassed when using `?import\u0026raw`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker\u0027s ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45811"
},
{
"category": "external",
"summary": "RHBZ#2312930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite",
"url": "https://github.com/vitejs/vite"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249",
"url": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34",
"url": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd",
"url": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6",
"url": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7",
"url": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx",
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx"
}
],
"release_date": "2024-09-17T18:44:12+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vite: server.fs.deny is bypassed when using `?import\u0026raw`"
},
{
"cve": "CVE-2024-45812",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-17T20:20:07.064245+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312935"
}
],
"notes": [
{
"category": "description",
"text": "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45812"
},
{
"category": "external",
"summary": "RHBZ#2312935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad",
"url": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3",
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
"url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
},
{
"category": "external",
"summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
"url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
},
{
"category": "external",
"summary": "https://scnps.co/papers/sp23_domclob.pdf",
"url": "https://scnps.co/papers/sp23_domclob.pdf"
}
],
"release_date": "2024-09-17T20:15:06.037000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts"
},
{
"cve": "CVE-2024-47068",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-23T16:20:20.383320+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314249"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit\u2014namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47068"
},
{
"category": "external",
"summary": "RHBZ#2314249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4",
"url": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541",
"url": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm"
}
],
"release_date": "2024-09-23T16:15:06.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS"
}
]
}
rhsa-2024_11255
Vulnerability from csaf_redhat
Published
2024-12-17 10:22
Modified
2024-12-19 16:17
Summary
Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1
Notes
Topic
Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate
Details
Red Hat Trusted Profile Analyzer 1.2.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Trusted Profile Analyzer 1.2.1",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:11255",
"url": "https://access.redhat.com/errata/RHSA-2024:11255"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1865",
"url": "https://issues.redhat.com/browse/TC-1865"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1873",
"url": "https://issues.redhat.com/browse/TC-1873"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1880",
"url": "https://issues.redhat.com/browse/TC-1880"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1892",
"url": "https://issues.redhat.com/browse/TC-1892"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1928",
"url": "https://issues.redhat.com/browse/TC-1928"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1947",
"url": "https://issues.redhat.com/browse/TC-1947"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1970",
"url": "https://issues.redhat.com/browse/TC-1970"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1868",
"url": "https://issues.redhat.com/browse/TC-1868"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1937",
"url": "https://issues.redhat.com/browse/TC-1937"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1795",
"url": "https://issues.redhat.com/browse/TC-1795"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1824",
"url": "https://issues.redhat.com/browse/TC-1824"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/TC-1870",
"url": "https://issues.redhat.com/browse/TC-1870"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11255.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1",
"tracking": {
"current_release_date": "2024-12-19T16:17:41+00:00",
"generator": {
"date": "2024-12-19T16:17:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:11255",
"initial_release_date": "2024-12-17T10:22:51+00:00",
"revision_history": [
{
"date": "2024-12-17T10:22:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-17T10:22:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-19T16:17:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Profile Analyzer 1.2",
"product": {
"name": "Red Hat Trusted Profile Analyzer 1.2",
"product_id": "Red Hat Trusted Profile Analyzer 1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Profile Analyzer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64",
"product": {
"name": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64",
"product_id": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtpa-trustification-service-rhel9@sha256%3A8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe?arch=amd64\u0026repository_url=registry.redhat.io/rhtpa\u0026tag=1.2.1-1733826968"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64 as a component of Red Hat Trusted Profile Analyzer 1.2",
"product_id": "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
},
"product_reference": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64",
"relates_to_product_reference": "Red Hat Trusted Profile Analyzer 1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-19T01:20:29.981665+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313454"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf: StackOverflow vulnerability in Protocol Buffers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack\u0027s capacity, causing the application to crash or become unresponsive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-7254"
},
{
"category": "external",
"summary": "RHBZ#2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa",
"url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
}
],
"release_date": "2024-09-19T01:15:10.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T10:22:51+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11255"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobuf: StackOverflow vulnerability in Protocol Buffers"
},
{
"cve": "CVE-2024-21536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-19T06:00:36.846953+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2319884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "RHBZ#2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"release_date": "2024-10-19T05:00:04.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T10:22:51+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11255"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any mitigation recommendations at this time.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Denial of Service"
},
{
"cve": "CVE-2024-21538",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-11-08T13:44:29.182678+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2324550"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cross-spawn: regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "RHBZ#2324550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/pull/160",
"url": "https://github.com/moxystudio/node-cross-spawn/pull/160"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230",
"url": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230"
}
],
"release_date": "2024-11-08T05:00:04.695000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T10:22:51+00:00",
"details": "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.",
"product_ids": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11255"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cross-spawn: regular expression denial of service"
}
]
}
rhsa-2024_10962
Vulnerability from csaf_redhat
Published
2024-12-11 16:47
Modified
2024-12-20 18:57
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release
Notes
Topic
A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released
Details
Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:10962",
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10962.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release",
"tracking": {
"current_release_date": "2024-12-20T18:57:01+00:00",
"generator": {
"date": "2024-12-20T18:57:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:10962",
"initial_release_date": "2024-12-11T16:47:10+00:00",
"revision_history": [
{
"date": "2024-12-11T16:47:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-11T16:47:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-20T18:57:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.4",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aeebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256%3A44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3Abf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Ada3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3Aa7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ac81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Abb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3Ae7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3Ab541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ab0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Ab9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3Afe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-19T06:00:36.846953+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2319884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "RHBZ#2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"release_date": "2024-10-19T05:00:04.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any mitigation recommendations at this time.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Denial of Service"
},
{
"cve": "CVE-2024-43796",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:28.106254+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: Improper Input Handling in Express Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43796"
},
{
"category": "external",
"summary": "RHBZ#2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
"url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
}
],
"release_date": "2024-09-10T15:15:17.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: Improper Input Handling in Express Redirects"
},
{
"cve": "CVE-2024-43799",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:30.869487+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311153"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "send: Code Execution Vulnerability in Send Library",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "RHBZ#2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
"url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
"url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
}
],
"release_date": "2024-09-10T15:15:17.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "send: Code Execution Vulnerability in Send Library"
},
{
"cve": "CVE-2024-43800",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:33.631718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "serve-static: Improper Sanitization in serve-static",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43800"
},
{
"category": "external",
"summary": "RHBZ#2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
"url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
"url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
"url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
}
],
"release_date": "2024-09-10T15:15:17.937000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "serve-static: Improper Sanitization in serve-static"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
},
{
"cve": "CVE-2024-45811",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-09-17T20:00:49.944925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312930"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import\u0026raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vite: server.fs.deny is bypassed when using `?import\u0026raw`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker\u0027s ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45811"
},
{
"category": "external",
"summary": "RHBZ#2312930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite",
"url": "https://github.com/vitejs/vite"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249",
"url": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34",
"url": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd",
"url": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6",
"url": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7",
"url": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx",
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx"
}
],
"release_date": "2024-09-17T18:44:12+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vite: server.fs.deny is bypassed when using `?import\u0026raw`"
},
{
"cve": "CVE-2024-45812",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-17T20:20:07.064245+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312935"
}
],
"notes": [
{
"category": "description",
"text": "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45812"
},
{
"category": "external",
"summary": "RHBZ#2312935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad",
"url": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3",
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
"url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
},
{
"category": "external",
"summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
"url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
},
{
"category": "external",
"summary": "https://scnps.co/papers/sp23_domclob.pdf",
"url": "https://scnps.co/papers/sp23_domclob.pdf"
}
],
"release_date": "2024-09-17T20:15:06.037000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts"
},
{
"cve": "CVE-2024-47068",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-23T16:20:20.383320+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314249"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit\u2014namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47068"
},
{
"category": "external",
"summary": "RHBZ#2314249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4",
"url": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541",
"url": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm"
}
],
"release_date": "2024-09-23T16:15:06.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS"
}
]
}
rhsa-2024_9627
Vulnerability from csaf_redhat
Published
2024-11-14 08:35
Modified
2024-12-18 22:51
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.3
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.6.3
This update has a security impact of Moderate. A Common Vulnerability Scoring
System (CVSS) base score, which gives a detailed severity rating, is available
for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* kiali-ossmc-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8280)
* openshift-istio-kiali-rhel8-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8281)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh Containers for 2.6.3\n\nThis update has a security impact of Moderate. A Common Vulnerability Scoring\nSystem (CVSS) base score, which gives a detailed severity rating, is available\nfor each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* kiali-ossmc-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8280)\n\n* openshift-istio-kiali-rhel8-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8281)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9627",
"url": "https://access.redhat.com/errata/RHSA-2024:9627"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9627.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.3",
"tracking": {
"current_release_date": "2024-12-18T22:51:09+00:00",
"generator": {
"date": "2024-12-18T22:51:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:9627",
"initial_release_date": "2024-11-14T08:35:32+00:00",
"revision_history": [
{
"date": "2024-11-14T08:35:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T08:35:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T22:51:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.6 for RHEL 8",
"product": {
"name": "RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
},
{
"category": "product_name",
"name": "RHOSSM 2.6 for RHEL 9",
"product": {
"name": "RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.3-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.7-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.3-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.3-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.3-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.7-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.3-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.3-4"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.3-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.7-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.3-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.3-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.3-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.7-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.3-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.3-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.3-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.3-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64 as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64 as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-19T06:00:36.846953+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2319884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "RHBZ#2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"release_date": "2024-10-19T05:00:04.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T08:35:32+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9627"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any mitigation recommendations at this time.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Denial of Service"
}
]
}
wid-sec-w-2024-3468
Vulnerability from csaf_certbund
Published
2024-11-13 23:00
Modified
2024-11-13 23:00
Summary
Red Hat OpenShift: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3468 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3468.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3468 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3468"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-11-13",
"url": "https://access.redhat.com/errata/RHSA-2024:9627"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2024-11-13T23:00:00.000+00:00",
"generator": {
"date": "2024-11-14T12:15:23.742+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3468",
"initial_release_date": "2024-11-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-11-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Service Mesh Containers \u003c2.6.3",
"product": {
"name": "Red Hat OpenShift Service Mesh Containers \u003c2.6.3",
"product_id": "T039183"
}
},
{
"category": "product_version",
"name": "Service Mesh Containers 2.6.3",
"product": {
"name": "Red Hat OpenShift Service Mesh Containers 2.6.3",
"product_id": "T039183-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:service_mesh_containers__2.6.3"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21536",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler existiert im http-proxy-middleware-Paket in den Service Mesh Containern wegen eines unkontrollierten Ressourcenverbrauchs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T039183"
]
},
"release_date": "2024-11-13T23:00:00.000+00:00",
"title": "CVE-2024-21536"
}
]
}
wid-sec-w-2024-3511
Vulnerability from csaf_certbund
Published
2024-11-19 23:00
Modified
2024-11-19 23:00
Summary
IBM App Connect Enterprise: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3511 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3511.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3511 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3511"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-11-19",
"url": "https://www.ibm.com/support/pages/node/7176616"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2024-11-19T23:00:00.000+00:00",
"generator": {
"date": "2024-11-20T12:42:45.951+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3511",
"initial_release_date": "2024-11-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.5.1",
"product": {
"name": "IBM App Connect Enterprise \u003c12.5.1",
"product_id": "T039345"
}
},
{
"category": "product_version",
"name": "12.5.1",
"product": {
"name": "IBM App Connect Enterprise 12.5.1",
"product_id": "T039345-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.5.1"
}
}
},
{
"category": "product_version_range",
"name": "LTS \u003c12.0.5",
"product": {
"name": "IBM App Connect Enterprise LTS \u003c12.0.5",
"product_id": "T039346"
}
},
{
"category": "product_version",
"name": "LTS 12.0.5",
"product": {
"name": "IBM App Connect Enterprise LTS 12.0.5",
"product_id": "T039346-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:lts__12.0.5"
}
}
},
{
"category": "product_version_range",
"name": "LTS \u003c5.0.22",
"product": {
"name": "IBM App Connect Enterprise LTS \u003c5.0.22",
"product_id": "T039347"
}
},
{
"category": "product_version",
"name": "LTS 5.0.22",
"product": {
"name": "IBM App Connect Enterprise LTS 5.0.22",
"product_id": "T039347-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:lts__5.0.22"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21536",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler betrifft das Node.js-Modul in den \"Dashboard and DesignerAuthoring\" Komponenten aufgrund einer unsachgem\u00e4\u00dfen Ressourcenbehandlung in der http-proxy-middleware. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er manipulierte Anfragen an bestimmte Pfade sendet."
}
],
"product_status": {
"known_affected": [
"T039347",
"T039346",
"T039345"
]
},
"release_date": "2024-11-19T23:00:00.000+00:00",
"title": "CVE-2024-21536"
}
]
}
ghsa-c7qv-q95q-8v27
Vulnerability from github
Published
2024-10-19 06:30
Modified
2024-10-22 19:47
Severity ?
Summary
Denial of service in http-proxy-middleware
Details
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "http-proxy-middleware"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "http-proxy-middleware"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-21536"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-22T19:47:41Z",
"nvd_published_at": "2024-10-19T05:15:13Z",
"severity": "HIGH"
},
"details": "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.",
"id": "GHSA-c7qv-q95q-8v27",
"modified": "2024-10-22T19:47:41Z",
"published": "2024-10-19T06:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"type": "WEB",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"type": "WEB",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"type": "WEB",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"type": "PACKAGE",
"url": "https://github.com/chimurai/http-proxy-middleware"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial of service in http-proxy-middleware"
}
gsd-2024-21536
Vulnerability from gsd
Modified
2023-12-23 06:02
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-21536"
],
"id": "GSD-2024-21536",
"modified": "2023-12-23T06:02:09.421580Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-21536",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.