Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-21536
Vulnerability from cvelistv5
Published
2024-10-19 05:00
Modified
2024-10-21 16:31
Severity ?
EPSS score ?
Summary
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | http-proxy-middleware |
Version: 0 ≤ Version: 3.0.0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "http-proxy-middleware", vendor: "chimurai", versions: [ { lessThan: "2.0.7", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.0.3", status: "affected", version: "3.0.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-21536", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T15:20:45.568615Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T16:31:29.125Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "http-proxy-middleware", vendor: "n/a", versions: [ { lessThan: "2.0.7", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.0.3", status: "affected", version: "3.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Marc Hassan", }, ], descriptions: [ { lang: "en", value: "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Denial of Service (DoS)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-21T11:22:36.064Z", orgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", shortName: "snyk", }, references: [ { url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, { url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, ], }, }, cveMetadata: { assignerOrgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", assignerShortName: "snyk", cveId: "CVE-2024-21536", datePublished: "2024-10-19T05:00:04.056Z", dateReserved: "2023-12-22T12:33:20.123Z", dateUpdated: "2024-10-21T16:31:29.125Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-21536\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2024-10-19T05:15:13.097\",\"lastModified\":\"2024-11-01T18:03:15.897\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.\"},{\"lang\":\"es\",\"value\":\"Las versiones del paquete http-proxy-middleware anteriores a la 2.0.7, a la 3.0.0 y a la 3.0.3 es vulnerable a un ataque de denegación de servicio (DoS) debido a un error UnhandledPromiseRejection generado por micromatch. Un atacante podría matar el proceso Node.js y bloquear el servidor al realizar solicitudes a determinadas rutas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.7\",\"matchCriteriaId\":\"A1C31D2C-0CB7-4D28-8658-42632A65F7F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.3\",\"matchCriteriaId\":\"A89EB4F5-1978-4172-A52D-8504F87E110E\"}]}]}],\"references\":[{\"url\":\"https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21536\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-21T15:20:45.568615Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*\"], \"vendor\": \"chimurai\", \"product\": \"http-proxy-middleware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.0.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.3\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T15:47:24.380Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Marc Hassan\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"http-proxy-middleware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.0.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.3\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906\"}, {\"url\": \"https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a\"}, {\"url\": \"https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22\"}, {\"url\": \"https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-400\", \"description\": \"Denial of Service (DoS)\"}]}], \"providerMetadata\": {\"orgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"shortName\": \"snyk\", \"dateUpdated\": \"2024-10-21T11:22:36.064Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-21536\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T16:31:29.125Z\", \"dateReserved\": \"2023-12-22T12:33:20.123Z\", \"assignerOrgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"datePublished\": \"2024-10-19T05:00:04.056Z\", \"assignerShortName\": \"snyk\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
gsd-2024-21536
Vulnerability from gsd
Modified
2023-12-23 06:02
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{ gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2024-21536", ], id: "GSD-2024-21536", modified: "2023-12-23T06:02:09.421580Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2024-21536", STATE: "RESERVED", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", }, ], }, }, }, }
rhsa-2025:1249
Vulnerability from csaf_redhat
Published
2025-02-10 18:38
Modified
2025-04-17 12:07
Summary
Red Hat Security Advisory: updated discovery container images
Notes
Topic
Updated container images are now available for Discovery 1.12.
Details
The Discovery container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to these new images specifically, or to the latest images generally.
Fixed CVEs:
CVE-2024-39338
CVE-2024-56201
CVE-2024-45590
CVE-2024-41991
CVE-2024-42005
CVE-2024-41989
CVE-2024-8775
CVE-2024-43799
CVE-2024-43796
CVE-2024-43800
CVE-2024-45296
CVE-2024-43788
CVE-2024-21536
CVE-2024-56326
CVE-2024-21538
CVE-2020-11023
CVE-2024-55565
CVE-2023-44270
CVE-2024-6485
CVE-2024-53907
CVE-2024-56374
CVE-2024-52798
CVE-2024-31449
CVE-2024-46981
CVE-2024-31228
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated container images are now available for Discovery 1.12.", title: "Topic", }, { category: "general", text: "The Discovery container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to these new images specifically, or to the latest images generally.\n\nFixed CVEs:\nCVE-2024-39338\nCVE-2024-56201\nCVE-2024-45590\nCVE-2024-41991\nCVE-2024-42005\nCVE-2024-41989\nCVE-2024-8775\nCVE-2024-43799\nCVE-2024-43796\nCVE-2024-43800\nCVE-2024-45296\nCVE-2024-43788\nCVE-2024-21536\nCVE-2024-56326\nCVE-2024-21538\nCVE-2020-11023\nCVE-2024-55565\nCVE-2023-44270\nCVE-2024-6485\nCVE-2024-53907\nCVE-2024-56374\nCVE-2024-52798\nCVE-2024-31449\nCVE-2024-46981\nCVE-2024-31228", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2025:1249", url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "DISCOVERY-895", url: "https://issues.redhat.com/browse/DISCOVERY-895", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1249.json", }, ], title: "Red Hat Security Advisory: updated discovery container images", tracking: { current_release_date: "2025-04-17T12:07:33+00:00", generator: { date: "2025-04-17T12:07:33+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2025:1249", initial_release_date: "2025-02-10T18:38:39+00:00", revision_history: [ { date: "2025-02-10T18:38:39+00:00", number: "1", summary: "Initial version", }, { date: "2025-02-10T18:38:39+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-17T12:07:33+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Discovery 1 for RHEL 9", product: { name: "Discovery 1 for RHEL 9", product_id: "9Base-discovery-1", product_identification_helper: { cpe: "cpe:/o:redhat:discovery:1.0::el9", }, }, }, ], category: "product_family", name: "Red Hat Discovery", }, { branches: [ { category: "product_version", name: "discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", product: { name: "discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", product_id: "discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", product_identification_helper: { purl: "pkg:oci/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771?arch=amd64&repository_url=registry.redhat.io/discovery/discovery-server-rhel9&tag=1.12.0-1", }, }, }, { category: "product_version", name: "discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", product: { name: "discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", product_id: "discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", product_identification_helper: { purl: "pkg:oci/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a?arch=amd64&repository_url=registry.redhat.io/discovery/discovery-ui-rhel9&tag=1.12.0-1", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", product: { name: "discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", product_id: "discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", product_identification_helper: { purl: "pkg:oci/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70?arch=arm64&repository_url=registry.redhat.io/discovery/discovery-server-rhel9&tag=1.12.0-1", }, }, }, { category: "product_version", name: "discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", product: { name: "discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", product_id: "discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", product_identification_helper: { purl: "pkg:oci/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c?arch=arm64&repository_url=registry.redhat.io/discovery/discovery-ui-rhel9&tag=1.12.0-1", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64 as a component of Discovery 1 for RHEL 9", product_id: "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", }, product_reference: "discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", relates_to_product_reference: "9Base-discovery-1", }, { category: "default_component_of", full_product_name: { name: "discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64 as a component of Discovery 1 for RHEL 9", product_id: "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", }, product_reference: "discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", relates_to_product_reference: "9Base-discovery-1", }, { category: "default_component_of", full_product_name: { name: "discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64 as a component of Discovery 1 for RHEL 9", product_id: "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", }, product_reference: "discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", relates_to_product_reference: "9Base-discovery-1", }, { category: "default_component_of", full_product_name: { name: "discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64 as a component of Discovery 1 for RHEL 9", product_id: "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", }, product_reference: "discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", relates_to_product_reference: "9Base-discovery-1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-11023", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2020-06-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1850004", }, ], notes: [ { category: "description", text: "A flaw was found in jQuery. HTML containing \\<option\\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The 'gcc' and 'tbb' packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the 'gcc' component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-11023", }, { category: "external", summary: "RHBZ#1850004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1850004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-11023", url: "https://www.cve.org/CVERecord?id=CVE-2020-11023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", }, { category: "external", summary: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2020-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "exploit_status", date: "2025-01-23T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Moderate", }, ], title: "jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods", }, { cve: "CVE-2023-44270", cwe: { id: "CWE-93", name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", }, discovery_date: "2024-11-18T14:11:50.400987+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2326998", }, ], notes: [ { category: "description", text: "An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.", title: "Vulnerability description", }, { category: "summary", text: "PostCSS: Improper input validation in PostCSS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-44270", }, { category: "external", summary: "RHBZ#2326998", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2326998", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-44270", url: "https://www.cve.org/CVERecord?id=CVE-2023-44270", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-44270", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-44270", }, { category: "external", summary: "https://github.com/github/advisory-database/issues/2820", url: "https://github.com/github/advisory-database/issues/2820", }, { category: "external", summary: "https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25", url: "https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25", }, { category: "external", summary: "https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5", url: "https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5", }, { category: "external", summary: "https://github.com/postcss/postcss/releases/tag/8.4.31", url: "https://github.com/postcss/postcss/releases/tag/8.4.31", }, ], release_date: "2023-09-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "There's no known mitigation for this issue. Red Hat recommends to not parse untrusted CSS input using PostCSS.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "PostCSS: Improper input validation in PostCSS", }, { cve: "CVE-2024-6485", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-07-11T17:30:47+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2297388", }, ], notes: [ { category: "description", text: "A vulnerability was found in bootstrap associated with the data-loading-text attribute within the button plugin. This vulnerability allows malicious JavaScript code to be injected into the attribute, which is then executed when the button's loading state is triggered.", title: "Vulnerability description", }, { category: "summary", text: "bootstrap: Cross-Site Scripting via button plugin on bootstrap", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-6485", }, { category: "external", summary: "RHBZ#2297388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2297388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-6485", url: "https://www.cve.org/CVERecord?id=CVE-2024-6485", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-6485", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-6485", }, { category: "external", summary: "https://www.herodevs.com/vulnerability-directory/cve-2024-6485", url: "https://www.herodevs.com/vulnerability-directory/cve-2024-6485", }, ], release_date: "2024-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bootstrap: Cross-Site Scripting via button plugin on bootstrap", }, { cve: "CVE-2024-8775", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2024-09-13T08:31:27.781000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312119", }, ], notes: [ { category: "description", text: "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.", title: "Vulnerability description", }, { category: "summary", text: "ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging", title: "Vulnerability summary", }, { category: "other", text: "This issue is classified as moderate rather than important because while it does expose sensitive information during playbook execution, the exposure is limited to logs and output generated during the run, which is typically accessible only to authorized users with sufficient privileges. The flaw does not result in an immediate or direct compromise of systems, as no remote exploitation vector is introduced. Additionally, the risk can be mitigated through proper configuration (`no_log: true`) and access control measures, reducing the likelihood of unauthorized access to the logged data. However, the unintentional disclosure of secrets like passwords or API keys still presents a potential risk for privilege escalation or lateral movement within an environment, justifying a moderate severity rating.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8775", }, { category: "external", summary: "RHBZ#2312119", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312119", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8775", url: "https://www.cve.org/CVERecord?id=CVE-2024-8775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8775", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8775", }, { category: "external", summary: "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj", url: "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj", }, ], release_date: "2024-09-13T08:35:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging", }, { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-21538", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-11-08T13:44:29.182678+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2324550", }, ], notes: [ { category: "description", text: "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", title: "Vulnerability description", }, { category: "summary", text: "cross-spawn: regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "RHBZ#2324550", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2324550", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21538", url: "https://www.cve.org/CVERecord?id=CVE-2024-21538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", url: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", url: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/pull/160", url: "https://github.com/moxystudio/node-cross-spawn/pull/160", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", url: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", }, ], release_date: "2024-11-08T05:00:04.695000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "cross-spawn: regular expression denial of service", }, { cve: "CVE-2024-31228", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2024-10-07T20:01:32.319599+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2317058", }, ], notes: [ { category: "description", text: "A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes.", title: "Vulnerability description", }, { category: "summary", text: "redis: Denial-of-service due to unbounded pattern matching in Redis", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-31228", }, { category: "external", summary: "RHBZ#2317058", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2317058", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-31228", url: "https://www.cve.org/CVERecord?id=CVE-2024-31228", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-31228", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-31228", }, { category: "external", summary: "https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0", url: "https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0", }, { category: "external", summary: "https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976", url: "https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976", }, ], release_date: "2024-10-07T19:51:06.784000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "redis: Denial-of-service due to unbounded pattern matching in Redis", }, { cve: "CVE-2024-31449", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-10-07T20:01:19.998028+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2317056", }, ], notes: [ { category: "description", text: "A flaw was found in Redis. This flaw allows an authenticated user to use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may lead to remote code execution. The problem exists in all versions of Redis with Lua scripting.", title: "Vulnerability description", }, { category: "summary", text: "redis: Lua library commands may lead to stack overflow and RCE in Redis", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-31449", }, { category: "external", summary: "RHBZ#2317056", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2317056", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-31449", url: "https://www.cve.org/CVERecord?id=CVE-2024-31449", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-31449", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-31449", }, { category: "external", summary: "https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9", url: "https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9", }, { category: "external", summary: "https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5", url: "https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5", }, ], release_date: "2024-10-07T19:51:08.775000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "redis: Lua library commands may lead to stack overflow and RCE in Redis", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-08-13T17:21:32.774718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2304369", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "axios: axios: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-39338", }, { category: "external", summary: "RHBZ#2304369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2304369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-39338", url: "https://www.cve.org/CVERecord?id=CVE-2024-39338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", }, { category: "external", summary: "https://github.com/axios/axios/releases", url: "https://github.com/axios/axios/releases", }, { category: "external", summary: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", url: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", }, ], release_date: "2024-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "axios: axios: Server-Side Request Forgery", }, { cve: "CVE-2024-41989", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-08-02T01:40:06+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2302433", }, ], notes: [ { category: "description", text: "A security issue was found in Django. If 'floatformat' received a string representation of a number in scientific notation with a large exponent, it could lead to significant memory consumption. To avoid this, decimals with more than 200 digits are now returned as is.", title: "Vulnerability description", }, { category: "summary", text: "python-django: Memory exhaustion in django.utils.numberformat.floatformat()", title: "Vulnerability summary", }, { category: "other", text: "This issue is categorized as moderate severity rather than important because, while it has the potential to cause significant memory consumption under specific conditions, the likelihood of such a scenario occurring in typical applications is relatively low. The issue arises primarily when processing extremely large numbers in scientific notation, which is not a common use case in most Django applications. Additionally, the impact is localized to the floatformat function, and the issue does not expose sensitive data or compromise the integrity of the application.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-41989", }, { category: "external", summary: "RHBZ#2302433", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2302433", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-41989", url: "https://www.cve.org/CVERecord?id=CVE-2024-41989", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-41989", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-41989", }, ], release_date: "2024-08-06T13:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-django: Memory exhaustion in django.utils.numberformat.floatformat()", }, { cve: "CVE-2024-41991", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-08-02T02:03:22+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2302435", }, ], notes: [ { category: "description", text: "A flaw was found in Django. 'urlize', 'urlizetrunc', and 'AdminURLFieldWidget' may be subject to a denial of service attack via certain inputs with a very large number of Unicode characters.", title: "Vulnerability description", }, { category: "summary", text: "python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget", title: "Vulnerability summary", }, { category: "other", text: "The identified vulnerability in Django's urlize, urlizetrunc template filters, and the AdminURLFieldWidget widget is classified as moderate severity rather than important due to its specific attack vector and impact. While the flaw allows for a potential denial-of-service (DoS) attack via inputs with a large number of Unicode characters, exploiting this vulnerability requires a significant volume of data to be processed by these components, which is a non-trivial task. Additionally, standard mitigation measures such as input validation, rate limiting, and monitoring can effectively reduce the risk.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-41991", }, { category: "external", summary: "RHBZ#2302435", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2302435", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-41991", url: "https://www.cve.org/CVERecord?id=CVE-2024-41991", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-41991", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-41991", }, { category: "external", summary: "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", url: "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", }, ], release_date: "2024-08-06T13:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget", }, { cve: "CVE-2024-42005", cwe: { id: "CWE-89", name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, discovery_date: "2024-08-02T02:08:30+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2302436", }, ], notes: [ { category: "description", text: "A flaw was found in Django. The QuerySet.values() and QuerySet.values_list() methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.", title: "Vulnerability description", }, { category: "summary", text: "python-django: Potential SQL injection in QuerySet.values() and values_list()", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is considered of moderate severity rather than high or critical because it requires specific conditions to be exploitable. The potential for SQL injection exists only when QuerySet.values() or values_list() methods are used on models with a JSONField, and an attacker must have control over the JSON object keys passed as arguments. In typical use cases, these methods are often used with predefined or controlled data, limiting the attack surface. Furthermore, the impact is constrained to the manipulation of column aliases, rather than direct injection into more critical parts of the SQL query, reducing the overall risk compared to more direct forms of SQL injection vulnerabilities.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-42005", }, { category: "external", summary: "RHBZ#2302436", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2302436", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-42005", url: "https://www.cve.org/CVERecord?id=CVE-2024-42005", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-42005", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-42005", }, { category: "external", summary: "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", url: "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", }, ], release_date: "2024-08-06T13:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "python-django: Potential SQL injection in QuerySet.values() and values_list()", }, { cve: "CVE-2024-43788", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-08-27T17:20:06.890123+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2308193", }, ], notes: [ { category: "description", text: "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.", title: "Vulnerability description", }, { category: "summary", text: "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule", title: "Vulnerability summary", }, { category: "other", text: "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43788", }, { category: "external", summary: "RHBZ#2308193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43788", url: "https://www.cve.org/CVERecord?id=CVE-2024-43788", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43788", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43788", }, { category: "external", summary: "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", url: "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", }, { category: "external", summary: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", url: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", }, { category: "external", summary: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", url: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", }, { category: "external", summary: "https://scnps.co/papers/sp23_domclob.pdf", url: "https://scnps.co/papers/sp23_domclob.pdf", }, ], release_date: "2024-08-27T17:15:07.967000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule", }, { cve: "CVE-2024-43796", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:28.106254+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311152", }, ], notes: [ { category: "description", text: "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", title: "Vulnerability description", }, { category: "summary", text: "express: Improper Input Handling in Express Redirects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "RHBZ#2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43796", url: "https://www.cve.org/CVERecord?id=CVE-2024-43796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", }, { category: "external", summary: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, ], release_date: "2024-09-10T15:15:17.510000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "express: Improper Input Handling in Express Redirects", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45296", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-09T19:20:18.127723+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310908", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: Backtracking regular expressions cause ReDoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "RHBZ#2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45296", url: "https://www.cve.org/CVERecord?id=CVE-2024-45296", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, ], release_date: "2024-09-09T19:15:13.330000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: Backtracking regular expressions cause ReDoS", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, { cve: "CVE-2024-46981", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2025-01-06T22:00:39.382359+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2336004", }, ], notes: [ { category: "description", text: "A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "redis: Redis' Lua library commands may lead to remote code execution", title: "Vulnerability summary", }, { category: "other", text: "The problem exists in all versions of Redis with Lua scripting.\n\nThis vulnerability in Redis is classified as high severity rather than moderate due to its potential impact and exploitation scope. By manipulating the Lua garbage collector through crafted scripts, an authenticated attacker can achieve remote code execution (RCE), allowing them to execute arbitrary commands on the host system. This compromises not only the integrity and confidentiality of the data stored in Redis but also the underlying server itself. Furthermore, the exploitation does not require direct access to the server binary, making it feasible for attackers to execute through legitimate, albeit malicious, commands.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-46981", }, { category: "external", summary: "RHBZ#2336004", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2336004", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-46981", url: "https://www.cve.org/CVERecord?id=CVE-2024-46981", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-46981", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-46981", }, { category: "external", summary: "https://github.com/redis/redis/releases/tag/6.2.17", url: "https://github.com/redis/redis/releases/tag/6.2.17", }, { category: "external", summary: "https://github.com/redis/redis/releases/tag/7.2.7", url: "https://github.com/redis/redis/releases/tag/7.2.7", }, { category: "external", summary: "https://github.com/redis/redis/releases/tag/7.4.2", url: "https://github.com/redis/redis/releases/tag/7.4.2", }, { category: "external", summary: "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c", url: "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c", }, ], release_date: "2025-01-06T21:11:51.687000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "redis: Redis' Lua library commands may lead to remote code execution", }, { cve: "CVE-2024-52798", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-12-05T23:00:59.020167+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2330689", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability exists because of an incomplete fix for CVE-2024-45296.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-52798", }, { category: "external", summary: "RHBZ#2330689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2330689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-52798", url: "https://www.cve.org/CVERecord?id=CVE-2024-52798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-52798", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-52798", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4", url: "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w", }, ], release_date: "2024-12-05T22:45:42.774000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Avoid using two parameters within a single path segment when the separator is not, for example, /:a-:b. Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x", }, { cve: "CVE-2024-53907", cwe: { id: "CWE-1169", name: "CWE-1169", }, discovery_date: "2024-11-28T02:48:36.215000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2329288", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Django Web Framework. The strip_tags() and stripbtags template filter may be vulnerable to a potential denial of service (DoS) in cases of a large sequence of nested incomplete HTML entities.", title: "Vulnerability description", }, { category: "summary", text: "django: Potential denial-of-service in django.utils.html.strip_tags()", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as a Moderate severity because it exposes the strip_tags() method and striptags template filter to a potential denial-of-service attack, malicious input containing large sequences of nested incomplete HTML entities could cause excessive processing, but it does not affect data confidentiality or integrity", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-53907", }, { category: "external", summary: "RHBZ#2329288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2329288", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-53907", url: "https://www.cve.org/CVERecord?id=CVE-2024-53907", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-53907", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-53907", }, { category: "external", summary: "https://www.djangoproject.com/weblog/2024/dec/04/security-releases/", url: "https://www.djangoproject.com/weblog/2024/dec/04/security-releases/", }, ], release_date: "2024-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "django: Potential denial-of-service in django.utils.html.strip_tags()", }, { cve: "CVE-2024-55565", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-12-09T02:00:45.255738+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2331063", }, ], notes: [ { category: "description", text: "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.", title: "Vulnerability description", }, { category: "summary", text: "nanoid: nanoid mishandles non-integer values", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-55565", }, { category: "external", summary: "RHBZ#2331063", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2331063", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-55565", url: "https://www.cve.org/CVERecord?id=CVE-2024-55565", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-55565", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-55565", }, { category: "external", summary: "https://github.com/ai/nanoid/compare/3.3.7...3.3.8", url: "https://github.com/ai/nanoid/compare/3.3.7...3.3.8", }, { category: "external", summary: "https://github.com/ai/nanoid/pull/510", url: "https://github.com/ai/nanoid/pull/510", }, { category: "external", summary: "https://github.com/ai/nanoid/releases/tag/5.0.9", url: "https://github.com/ai/nanoid/releases/tag/5.0.9", }, ], release_date: "2024-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nanoid: nanoid mishandles non-integer values", }, { cve: "CVE-2024-56201", cwe: { id: "CWE-150", name: "Improper Neutralization of Escape, Meta, or Control Sequences", }, discovery_date: "2024-12-23T16:00:38.768252+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2333854", }, ], notes: [ { category: "description", text: "A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates where the template author can also choose the template filename.", title: "Vulnerability description", }, { category: "summary", text: "jinja2: Jinja has a sandbox breakout through malicious filenames", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability has rated as a IMPORTANT flaw because an attacker controlling both the template content and filename to execute arbitrary Python code, bypassing the sandbox.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-56201", }, { category: "external", summary: "RHBZ#2333854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2333854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-56201", url: "https://www.cve.org/CVERecord?id=CVE-2024-56201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-56201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-56201", }, { category: "external", summary: "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f", url: "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f", }, { category: "external", summary: "https://github.com/pallets/jinja/issues/1792", url: "https://github.com/pallets/jinja/issues/1792", }, { category: "external", summary: "https://github.com/pallets/jinja/releases/tag/3.1.5", url: "https://github.com/pallets/jinja/releases/tag/3.1.5", }, { category: "external", summary: "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699", url: "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699", }, ], release_date: "2024-12-23T15:37:36.110000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { category: "workaround", details: "To mitigate this vulnerabilty restrict user-controlled template filenames, ensuring they follow a predefined templates.", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jinja2: Jinja has a sandbox breakout through malicious filenames", }, { cve: "CVE-2024-56326", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-12-23T16:00:46.619763+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2333856", }, ], notes: [ { category: "description", text: "A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, storing a reference to a malicious string's format method is possible, then passing that to a filter that calls it. No such filters are built into Jinja but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.", title: "Vulnerability description", }, { category: "summary", text: "jinja2: Jinja has a sandbox breakout through indirect reference to format method", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as Moderate due to an oversight in Jinja's sandbox environment, allowing attackers to execute arbitrary Python code through controlled template content. This requires control over template content, making exploitation possible only in specific applications, thus limiting its overall impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-56326", }, { category: "external", summary: "RHBZ#2333856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2333856", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-56326", url: "https://www.cve.org/CVERecord?id=CVE-2024-56326", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-56326", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-56326", }, { category: "external", summary: "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4", url: "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4", }, { category: "external", summary: "https://github.com/pallets/jinja/releases/tag/3.1.5", url: "https://github.com/pallets/jinja/releases/tag/3.1.5", }, { category: "external", summary: "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h", url: "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h", }, ], release_date: "2024-12-23T15:43:49.400000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jinja2: Jinja has a sandbox breakout through indirect reference to format method", }, { cve: "CVE-2024-56374", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2025-01-14T20:01:09.167282+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2337996", }, ], notes: [ { category: "description", text: "A flaw was found in the Django framework. Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial of service attack. The undocumented and private functions `clean_ipv6_address` and `is_valid_ipv6_address` were vulnerable, as was the `django.forms.GenericIPAddressField` form field, which has now been updated to define a `max_length` of 39 characters.", title: "Vulnerability description", }, { category: "summary", text: "django: potential denial-of-service vulnerability in IPv6 validation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-56374", }, { category: "external", summary: "RHBZ#2337996", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2337996", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-56374", url: "https://www.cve.org/CVERecord?id=CVE-2024-56374", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-56374", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-56374", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2025/01/14/2", url: "http://www.openwall.com/lists/oss-security/2025/01/14/2", }, { category: "external", summary: "https://docs.djangoproject.com/en/dev/releases/security/", url: "https://docs.djangoproject.com/en/dev/releases/security/", }, { category: "external", summary: "https://groups.google.com/g/django-announce", url: "https://groups.google.com/g/django-announce", }, { category: "external", summary: "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/", url: "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/", }, ], release_date: "2025-01-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-10T18:38:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:1249", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:b41eeb83e5c7ad9937a90ac6247fe5305a7ff90b39ae6a23765e0f2e22bdca70_arm64", "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:c6488740a778ca3a1aa3dfdc513d4989ac366728d9f93fe8a57a51c562270771_amd64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c5a4ba16f7322e2b89fefa198dc673434f73709a47cf7a85bbccf1ba7a73dd7c_arm64", "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:c6f7be7cb58e77958c518fdd68c80a745dcec48fa5397af8c68593254e03743a_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "django: potential denial-of-service vulnerability in IPv6 validation", }, ], }
rhsa-2025:3928
Vulnerability from csaf_redhat
Published
2025-04-15 19:46
Modified
2025-04-18 10:57
Summary
Red Hat Security Advisory: ACS 4.5 enhancement and security update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security (RHACS).
Details
This release of RHACS includes the following bug fix:
* Fixed a bug to match the aggregation field of the compliance tables to the widgets for consistency.
This release also addresses the following security vulnerabilities:
* RHSA-2025:2679: libxml2 security update
* RHSA-2025:1350: libxml2 security update
* RHSA-2025:1330: openssl security update
* CVE-2024-57083: Prototype pollution in redoc can allow a DoS attack
* CVE-2024-21536: Flaw in `http-proxy-middleware` package
* CVE-2025-30204: Flaw in the golang-jwt implementation of JSON Web Tokens (JWT)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated images are now available for Red Hat Advanced Cluster Security (RHACS).", title: "Topic", }, { category: "general", text: "This release of RHACS includes the following bug fix:\n\n* Fixed a bug to match the aggregation field of the compliance tables to the widgets for consistency.\n\nThis release also addresses the following security vulnerabilities:\n\n* RHSA-2025:2679: libxml2 security update\n\n* RHSA-2025:1350: libxml2 security update\n\n* RHSA-2025:1330: openssl security update\n\n* CVE-2024-57083: Prototype pollution in redoc can allow a DoS attack\n\n* CVE-2024-21536: Flaw in `http-proxy-middleware` package\n\n* CVE-2025-30204: Flaw in the golang-jwt implementation of JSON Web Tokens (JWT)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2025:3928", url: "https://access.redhat.com/errata/RHSA-2025:3928", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.5/html/release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.5/html/release_notes/index", }, { category: "external", summary: "2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "2354195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", }, { category: "external", summary: "2355865", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2355865", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3928.json", }, ], title: "Red Hat Security Advisory: ACS 4.5 enhancement and security update", tracking: { current_release_date: "2025-04-18T10:57:08+00:00", generator: { date: "2025-04-18T10:57:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2025:3928", initial_release_date: "2025-04-15T19:46:07+00:00", revision_history: [ { date: "2025-04-15T19:46:07+00:00", number: "1", summary: "Initial version", }, { date: "2025-04-15T19:46:07+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-18T10:57:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHACS 4.5 for RHEL 8", product: { name: "RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5", product_identification_helper: { cpe: "cpe:/a:redhat:advanced_cluster_security:4.5::el8", }, }, }, ], category: "product_family", name: "Red Hat Advanced Cluster Security for Kubernetes", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", product: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", product_id: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.5.9-1", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", product: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", product_id: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.5.9-1", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", product: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", product_id: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.5.9-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.5.9-1", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", }, product_reference: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", }, product_reference: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64 as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", relates_to_product_reference: "8Base-RHACS-4.5", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le as a component of RHACS 4.5 for RHEL 8", product_id: "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", relates_to_product_reference: "8Base-RHACS-4.5", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-15T19:46:07+00:00", details: "If you are using an earlier version of RHACS 4.5, you are advised to upgrade to patch release 4.5.9.", product_ids: [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3928", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-57083", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2025-03-28T21:01:02.993057+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2355865", }, ], notes: [ { category: "description", text: "A flaw was found in redoc. This vulnerability can allow an attacker to cause a Denial of Service (DoS) via supplying a crafted payload.", title: "Vulnerability description", }, { category: "summary", text: "redoc: Prototype Pollution in redoc", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as an Important severity because it allows attackers to exploit a prototype pollution issue in the Module.mergeObjects method by crafting a malicious payload. An attacker can alter the built-in Object.prototype, causing a Denial of Service (DoS) condition, leading to system instability, impacting the availability of the affected system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-57083", }, { category: "external", summary: "RHBZ#2355865", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2355865", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-57083", url: "https://www.cve.org/CVERecord?id=CVE-2024-57083", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-57083", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-57083", }, { category: "external", summary: "https://github.com/Redocly/redoc/issues/2499", url: "https://github.com/Redocly/redoc/issues/2499", }, ], release_date: "2025-03-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-15T19:46:07+00:00", details: "If you are using an earlier version of RHACS 4.5, you are advised to upgrade to patch release 4.5.9.", product_ids: [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "redoc: Prototype Pollution in redoc", }, { cve: "CVE-2025-30204", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2025-03-21T22:00:43.818367+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2354195", }, ], notes: [ { category: "description", text: "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-30204", }, { category: "external", summary: "RHBZ#2354195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-30204", url: "https://www.cve.org/CVERecord?id=CVE-2025-30204", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", }, { category: "external", summary: "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", url: "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", }, { category: "external", summary: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", url: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", }, ], release_date: "2025-03-21T21:42:01.382000+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-15T19:46:07+00:00", details: "If you are using an earlier version of RHACS 4.5, you are advised to upgrade to patch release 4.5.9.", product_ids: [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3928", }, { category: "workaround", details: "Red Hat Product Security does not have a recommended mitigation at this time.", product_ids: [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:5a73bcbab19ab68ff948838b21b5cb11e2134a48350b8cbf82ef288817c75719_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69eb82f50c3790b90b9a8015bf078da8066b38fee26cbb3a2623753a51ca99ea_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dda4781392cd2bb6e599f51b35b390e7d60d71166a968c358c999a570cbc829b_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:645219f425559e75234be2a6320fc0fa176db81d7e3738b2e3f2ccdc92ce6e24_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:cf7fa69d0b423aad50bc871808e34d7e8783aefcea05ead2dcd857dc11349510_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:e938cb5948023fef76efabbfbf3c8f1bbaf6d62fe38b7e31c8bb84fcef7fb4f2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2cc4e9960b80728892eafc1d3ce0dfbb9bbd28929261fc59fd71982fcbb864cc_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e03cb6ab11ee042ec66ec4a5b214f1ce509cdfa0f92b93d0cd7f87893504fd0a_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e98696ead4e75cd57655325eb3874ae1fe0bee30c52f1517d13cb9b046c8bf5f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:05ce852ee7c7a221b50e39224953bfef704ab5959ff7f33d5f30f9dbeff55ae3_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:566fffe3028705b2428e9420ca770819dae1729ea9c36213a2fcf5cd68796f73_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:990f13b1986b3f5ddc6bb44e30ce6dc40ad6108e927badb3c9f7e0b49fba675c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:41351e88688d23a443ad4f141caf0433b2c2789e6a1a85b4f5b36abeb5656bb1_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:4bf810ed79118b56bbc97caf0d04b65a57a69d8f1333af6bb07cfdb33454b2a8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:d0c15d6cbb78bfd7529030c62ccf4737ec235dbe143a76e898b6afbfd90ca918_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:9fed7cffad49c7ed79405948b12256cd12e4dce00ef2737ade5db5018b324916_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c2f9ef5d94e03753926d41c3e90d429b660a59013ab269b71bfe1b21575ab93f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:c6481192d23a50a5c75ca10fcbafde1eec8614a0a71635b8615ea70020d07749_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4df217585e8de0ca3fd0722454f65c882ff1a49ed03d839a2b48c8adeb110776_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ae67f0a80b58fff1eb900fa9adb1e0fe2a5d1f2c531caffcdea3eff2c0f8189c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b9c20a2ddb97eb45995836e5be0713419afc2d9f8e2374d7ca64f7ea5274ad2f_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:247b450a36800470e484320eef0c4bf07f0aaee66ddfb0b38ed7a215dea8b489_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:750f9b25880952184289ae3389fd679a3ab6bb321c7531d8bb9c51a4df3143fb_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f45b818df4a3bbb45caa2086f4f0b29f8e79abfe579fd04235a65db122529505_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c421d3700f197dbb69ba3b34b204415413222d677bc58bb126bf064d9957893b_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c910f6a958bbe1176da3defa138c8a7c9c2728c50c4ec52827c008c3d6293047_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:ff99cf87213c08c560f2a27d83e51b7571637cef33e0c6ab5177a7c678df9bbb_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:0f1b879c9de1fcc55b017a3f465d8f44f86668683174e936a5cf10dabe292b16_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ef4868576b184b65076bfdb285a0dfe9fab9400795232cd78a3e9676410fba0_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:922979b45991631a3c8f17a8046270f9d50da23935699b6f70fb8fb41cbc7539_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:08522cc11c22617e947a7eeb24ad80ca98df1a54affc499307ae992dbbffb1af_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:dc4afae274b026d43099cbc3eff7144cea981931a441fc0ada1bdc99bd0b1370_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f45ce53f6007cfd5bd002eebe6ead15f39ade85deaecc5406fc07222781ca3f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:00a43ea5b5d02e811ae1a78adaf8cda9b87b0819b69ba209487d47eab677b424_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:74fb88b37ed6763861ca3730d7b5a62f793831de803ab250ec68d86363ceff49_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:efc4a42a309f27543f650b13fde90a26500ea69d0d5cbaf3ac7daebff3b0330f_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:72490c948f3a6fd2d75ea01d434dd76f53adb73f6655537081d95542c541662d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec17a50dd2c436301ff369852cfa02d7b493c72d490ff1c58fd508231c76626b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f4f13c49060230038d0017452c15c4bf5d15520659ae72b9b022142a8bae0ba7_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", }, ], }
rhsa-2024_10962
Vulnerability from csaf_redhat
Published
2024-12-11 16:47
Modified
2025-01-06 18:54
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release
Notes
Topic
A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released
Details
Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released", title: "Topic", }, { category: "general", text: "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10962", url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", url: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10962.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release", tracking: { current_release_date: "2025-01-06T18:54:46+00:00", generator: { date: "2025-01-06T18:54:46+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:10962", initial_release_date: "2024-12-11T16:47:10+00:00", revision_history: [ { date: "2024-12-11T16:47:10+00:00", number: "1", summary: "Initial version", }, { date: "2024-12-11T16:47:10+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T18:54:46+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift distributed tracing 3.4", product: { name: "Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift distributed tracing", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aeebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-operator-bundle@sha256%3A44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3Abf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Ada3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3Aa7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ac81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Abb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3Ae7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3Ab541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ab0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3A44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Ab9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3Afe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-43796", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:28.106254+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311152", }, ], notes: [ { category: "description", text: "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", title: "Vulnerability description", }, { category: "summary", text: "express: Improper Input Handling in Express Redirects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "RHBZ#2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43796", url: "https://www.cve.org/CVERecord?id=CVE-2024-43796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", }, { category: "external", summary: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, ], release_date: "2024-09-10T15:15:17.510000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "express: Improper Input Handling in Express Redirects", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45296", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-09T19:20:18.127723+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310908", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: Backtracking regular expressions cause ReDoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "RHBZ#2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45296", url: "https://www.cve.org/CVERecord?id=CVE-2024-45296", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, ], release_date: "2024-09-09T19:15:13.330000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: Backtracking regular expressions cause ReDoS", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, { cve: "CVE-2024-45811", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-09-17T20:00:49.944925+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312930", }, ], notes: [ { category: "description", text: "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.", title: "Vulnerability description", }, { category: "summary", text: "vite: server.fs.deny is bypassed when using `?import&raw`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker's ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45811", }, { category: "external", summary: "RHBZ#2312930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312930", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45811", url: "https://www.cve.org/CVERecord?id=CVE-2024-45811", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", }, { category: "external", summary: "https://github.com/vitejs/vite", url: "https://github.com/vitejs/vite", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", url: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", url: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", url: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", url: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", url: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", url: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", }, ], release_date: "2024-09-17T18:44:12+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: server.fs.deny is bypassed when using `?import&raw`", }, { cve: "CVE-2024-45812", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-17T20:20:07.064245+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312935", }, ], notes: [ { category: "description", text: "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.", title: "Vulnerability description", }, { category: "summary", text: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", title: "Vulnerability summary", }, { category: "other", text: "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45812", }, { category: "external", summary: "RHBZ#2312935", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312935", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45812", url: "https://www.cve.org/CVERecord?id=CVE-2024-45812", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", url: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", url: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", }, { category: "external", summary: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", url: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", }, { category: "external", summary: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", url: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", }, { category: "external", summary: "https://scnps.co/papers/sp23_domclob.pdf", url: "https://scnps.co/papers/sp23_domclob.pdf", }, ], release_date: "2024-09-17T20:15:06.037000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", }, { cve: "CVE-2024-47068", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-23T16:20:20.383320+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314249", }, ], notes: [ { category: "description", text: "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.", title: "Vulnerability description", }, { category: "summary", text: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit—namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47068", }, { category: "external", summary: "RHBZ#2314249", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314249", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47068", url: "https://www.cve.org/CVERecord?id=CVE-2024-47068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", url: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", url: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", }, { category: "external", summary: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", url: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", }, ], release_date: "2024-09-23T16:15:06.947000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", }, ], }
RHSA-2024:10917
Vulnerability from csaf_redhat
Published
2024-12-10 11:04
Modified
2025-04-16 01:43
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release
Notes
Topic
A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released
Details
Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released", title: "Topic", }, { category: "general", text: "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10917", url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", url: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21536", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43796", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43799", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43800", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45296", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45590", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45811", url: "https://access.redhat.com/security/cve/CVE-2024-45811", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45812", url: "https://access.redhat.com/security/cve/CVE-2024-45812", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-47068", url: "https://access.redhat.com/security/cve/CVE-2024-47068", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10917.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release", tracking: { current_release_date: "2025-04-16T01:43:28+00:00", generator: { date: "2025-04-16T01:43:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:10917", initial_release_date: "2024-12-10T11:04:35+00:00", revision_history: [ { date: "2024-12-10T11:04:35+00:00", number: "1", summary: "Initial version", }, { date: "2025-03-25T11:04:35+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:43:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift distributed tracing 3.4", product: { name: "Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift distributed tracing", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-operator-bundle@sha256%3Ae65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Afdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Abf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Aaebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Af2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Af454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Af6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Af5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-43796", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:28.106254+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311152", }, ], notes: [ { category: "description", text: "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", title: "Vulnerability description", }, { category: "summary", text: "express: Improper Input Handling in Express Redirects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "RHBZ#2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43796", url: "https://www.cve.org/CVERecord?id=CVE-2024-43796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", }, { category: "external", summary: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, ], release_date: "2024-09-10T15:15:17.510000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "express: Improper Input Handling in Express Redirects", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45296", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-09T19:20:18.127723+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310908", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: Backtracking regular expressions cause ReDoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "RHBZ#2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45296", url: "https://www.cve.org/CVERecord?id=CVE-2024-45296", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, ], release_date: "2024-09-09T19:15:13.330000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: Backtracking regular expressions cause ReDoS", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, { cve: "CVE-2024-45811", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-09-17T20:00:49.944925+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312930", }, ], notes: [ { category: "description", text: "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.", title: "Vulnerability description", }, { category: "summary", text: "vite: server.fs.deny is bypassed when using `?import&raw`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker's ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45811", }, { category: "external", summary: "RHBZ#2312930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312930", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45811", url: "https://www.cve.org/CVERecord?id=CVE-2024-45811", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", }, { category: "external", summary: "https://github.com/vitejs/vite", url: "https://github.com/vitejs/vite", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", url: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", url: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", url: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", url: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", url: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", url: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", }, ], release_date: "2024-09-17T18:44:12+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: server.fs.deny is bypassed when using `?import&raw`", }, { cve: "CVE-2024-45812", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-17T20:20:07.064245+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312935", }, ], notes: [ { category: "description", text: "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.", title: "Vulnerability description", }, { category: "summary", text: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", title: "Vulnerability summary", }, { category: "other", text: "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45812", }, { category: "external", summary: "RHBZ#2312935", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312935", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45812", url: "https://www.cve.org/CVERecord?id=CVE-2024-45812", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", url: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", url: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", }, { category: "external", summary: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", url: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", }, { category: "external", summary: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", url: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", }, { category: "external", summary: "https://scnps.co/papers/sp23_domclob.pdf", url: "https://scnps.co/papers/sp23_domclob.pdf", }, ], release_date: "2024-09-17T20:15:06.037000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", }, { cve: "CVE-2024-47068", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-23T16:20:20.383320+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314249", }, ], notes: [ { category: "description", text: "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.", title: "Vulnerability description", }, { category: "summary", text: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit—namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47068", }, { category: "external", summary: "RHBZ#2314249", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314249", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47068", url: "https://www.cve.org/CVERecord?id=CVE-2024-47068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", url: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", url: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", }, { category: "external", summary: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", url: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", }, ], release_date: "2024-09-23T16:15:06.947000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", }, ], }
RHSA-2024:11255
Vulnerability from csaf_redhat
Published
2024-12-17 10:22
Modified
2025-04-16 01:43
Summary
Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1
Notes
Topic
Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate
Details
Red Hat Trusted Profile Analyzer 1.2.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate", title: "Topic", }, { category: "general", text: "Red Hat Trusted Profile Analyzer 1.2.1", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:11255", url: "https://access.redhat.com/errata/RHSA-2024:11255", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1865", url: "https://issues.redhat.com/browse/TC-1865", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1873", url: "https://issues.redhat.com/browse/TC-1873", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1880", url: "https://issues.redhat.com/browse/TC-1880", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1892", url: "https://issues.redhat.com/browse/TC-1892", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1928", url: "https://issues.redhat.com/browse/TC-1928", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1947", url: "https://issues.redhat.com/browse/TC-1947", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1970", url: "https://issues.redhat.com/browse/TC-1970", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1868", url: "https://issues.redhat.com/browse/TC-1868", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1937", url: "https://issues.redhat.com/browse/TC-1937", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1795", url: "https://issues.redhat.com/browse/TC-1795", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1824", url: "https://issues.redhat.com/browse/TC-1824", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1870", url: "https://issues.redhat.com/browse/TC-1870", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21536", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21538", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-7254", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/", url: "https://access.redhat.com/security/updates/classification/", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11255.json", }, ], title: "Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1", tracking: { current_release_date: "2025-04-16T01:43:52+00:00", generator: { date: "2025-04-16T01:43:52+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:11255", initial_release_date: "2024-12-17T10:22:51+00:00", revision_history: [ { date: "2024-12-17T10:22:51+00:00", number: "1", summary: "Initial version", }, { date: "2025-03-25T10:22:51+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:43:52+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Trusted Profile Analyzer 1.2", product: { name: "Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2", product_identification_helper: { cpe: "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9", }, }, }, ], category: "product_family", name: "Red Hat Trusted Profile Analyzer", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", product: { name: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", product_id: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", product_identification_helper: { purl: "pkg:oci/rhtpa-trustification-service-rhel9@sha256%3A8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe?arch=amd64&repository_url=registry.redhat.io/rhtpa&tag=1.2.1-1733826968", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64 as a component of Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", }, product_reference: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", relates_to_product_reference: "Red Hat Trusted Profile Analyzer 1.2", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T10:22:51+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11255", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T10:22:51+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11255", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-21538", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-11-08T13:44:29.182678+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2324550", }, ], notes: [ { category: "description", text: "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", title: "Vulnerability description", }, { category: "summary", text: "cross-spawn: regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "RHBZ#2324550", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2324550", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21538", url: "https://www.cve.org/CVERecord?id=CVE-2024-21538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", url: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", url: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/pull/160", url: "https://github.com/moxystudio/node-cross-spawn/pull/160", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", url: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", }, ], release_date: "2024-11-08T05:00:04.695000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T10:22:51+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11255", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "cross-spawn: regular expression denial of service", }, ], }
rhsa-2025:3930
Vulnerability from csaf_redhat
Published
2025-04-15 20:29
Modified
2025-04-18 10:57
Summary
Red Hat Security Advisory: RHACS 4.7 security update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes security fixes.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release of RHACS 4.7.2 includes the following security fixes:
* CVE-2024-21536: Denial of Service vulnerability in the `http-proxy-middleware` package.
* CVE-2025-30204: Excessive memory allocation during header parsing in `golang-jwt` package.
* CVE-2024-57083: Denial of Service vulnerability in the `redoc` package.
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated images are now available for Red Hat Advanced Cluster Security for\nKubernetes (RHACS). The updated image includes security fixes.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of RHACS 4.7.2 includes the following security fixes:\n\n* CVE-2024-21536: Denial of Service vulnerability in the `http-proxy-middleware` package.\n* CVE-2025-30204: Excessive memory allocation during header parsing in `golang-jwt` package.\n* CVE-2024-57083: Denial of Service vulnerability in the `redoc` package.\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2025:3930", url: "https://access.redhat.com/errata/RHSA-2025:3930", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.7/html-single/release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.7/html-single/release_notes/index", }, { category: "external", summary: "2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "2354195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", }, { category: "external", summary: "2355865", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2355865", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3930.json", }, ], title: "Red Hat Security Advisory: RHACS 4.7 security update", tracking: { current_release_date: "2025-04-18T10:57:01+00:00", generator: { date: "2025-04-18T10:57:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2025:3930", initial_release_date: "2025-04-15T20:29:23+00:00", revision_history: [ { date: "2025-04-15T20:29:23+00:00", number: "1", summary: "Initial version", }, { date: "2025-04-15T20:29:23+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-18T10:57:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHACS 4.7 for RHEL 8", product: { name: "RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7", product_identification_helper: { cpe: "cpe:/a:redhat:advanced_cluster_security:4.7::el8", }, }, }, ], category: "product_family", name: "Red Hat Advanced Cluster Security for Kubernetes", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.7.2-3", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.7.2-4", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.7.2-3", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.7.2-1", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.7.2-3", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.7.2-4", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.7.2-3", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.7.2-1", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.7.2-3", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.7.2-4", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.7.2-3", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.7.2-1", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.7.2-3", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.7.2-4", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.7.2-2", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.7.2-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.7.2-3", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.7.2-1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64 as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", relates_to_product_reference: "8Base-RHACS-4.7", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x as a component of RHACS 4.7 for RHEL 8", product_id: "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", relates_to_product_reference: "8Base-RHACS-4.7", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-15T20:29:23+00:00", details: "If you are using an earlier version of RHACS 4.7, you are advised to upgrade to this patch release 4.7.2.", product_ids: [ "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3930", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-57083", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2025-03-28T21:01:02.993057+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2355865", }, ], notes: [ { category: "description", text: "A flaw was found in redoc. This vulnerability can allow an attacker to cause a Denial of Service (DoS) via supplying a crafted payload.", title: "Vulnerability description", }, { category: "summary", text: "redoc: Prototype Pollution in redoc", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as an Important severity because it allows attackers to exploit a prototype pollution issue in the Module.mergeObjects method by crafting a malicious payload. An attacker can alter the built-in Object.prototype, causing a Denial of Service (DoS) condition, leading to system instability, impacting the availability of the affected system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-57083", }, { category: "external", summary: "RHBZ#2355865", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2355865", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-57083", url: "https://www.cve.org/CVERecord?id=CVE-2024-57083", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-57083", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-57083", }, { category: "external", summary: "https://github.com/Redocly/redoc/issues/2499", url: "https://github.com/Redocly/redoc/issues/2499", }, ], release_date: "2025-03-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-15T20:29:23+00:00", details: "If you are using an earlier version of RHACS 4.7, you are advised to upgrade to this patch release 4.7.2.", product_ids: [ "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3930", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "redoc: Prototype Pollution in redoc", }, { cve: "CVE-2025-30204", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2025-03-21T22:00:43.818367+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2354195", }, ], notes: [ { category: "description", text: "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-30204", }, { category: "external", summary: "RHBZ#2354195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-30204", url: "https://www.cve.org/CVERecord?id=CVE-2025-30204", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", }, { category: "external", summary: "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", url: "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", }, { category: "external", summary: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", url: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", }, ], release_date: "2025-03-21T21:42:01.382000+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-15T20:29:23+00:00", details: "If you are using an earlier version of RHACS 4.7, you are advised to upgrade to this patch release 4.7.2.", product_ids: [ "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3930", }, { category: "workaround", details: "Red Hat Product Security does not have a recommended mitigation at this time.", product_ids: [ "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0de55a92684af5e5597531bca9afbcd8e3cce4bfd6bcb172d39199bebbf88e2c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:69dbfbae6a11cb3d8c7e015f59b22519fb7676a855ff22327639da9f76dffb2c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:abe1cff91a5593115ab31bda302176a5252fc8dacb6486a33898c70e8be6a305_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ea5a47ccd9b4aa6a9a80baf6ef700c9b42f405e5cae24fccae1ebe543e1ed18c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:01678c9b1acdabaefc734e7eb403767e7924b839c0ad278b495b1228b7661fc3_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:0b03a33fb8bc0c0130416be107484e001607c95bfe517f04585835a69abdaffb_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:85a5849edf4ffe871a4ddde764b730b9273e05796abf6433a16f0431908a435d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-collector-rhel8@sha256:d3cb5a77aa9e23a31a5cb5be55614dee310873508b02fcec5bd41b60c211a216_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:1d8fd1b56ba971b4cac8c062abe5eaa4fab6171b6d6c74fa6f43c1e895083d5f_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:487b319656ad0234222c2a32c307f20622e79bb868bd406322cf26b6867152a1_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:7621a90eac37ec2b2e7390bb8b3fadfa205db80a9059337490c065b0cacb7ab7_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-main-rhel8@sha256:ab337f4f362ba85be4b15e6ab50ba3d10e223c63785595c9b9246c916bd9b9dd_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:053fe3c5bba914a225f969dbb695648fc1bcaf68c1cfea6d60faa9306a308715_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:4c213bf11ecea633090d32797119c435980f29e160bbf502e6eb0efe9690e491_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:567535d4a629980952e42537221a232e24399462c8ffda467c38195ea7afa3e2_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-operator-bundle@sha256:658b3612c93a7c70c6eeb26ba1e2704e770b876fcc1ae17603eaa7f2a14d6d6f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7c112288e7dbfe020ada8a8668da51beac2729fb48fe6e22f059448a0a3fd3fb_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:7fb87a017203fa4d0cfdf5775eff36adbdd0e73a505473025823956ff399c0e4_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:81809dccab3c48f4a7d999115b7277e33a789713728eacd354d1f38afe39bf7a_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-rhel8-operator@sha256:a14cfcc73b961326105bc05e41fef6ab3d40d7e3de71b0f262cdf68b9feffd00_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:03003fe0ef4d34bf4f55b231d276442eba4fdd24f13d931736bfce5b7dfea4f5_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6f037fb388d9e769aa5e95baaca125393dcb16c017e1f02d4d93b1d07b8fffe0_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a5727838bc5599a282bd2a13c3f21aee153d960cd89c7ba42c2271dddd176bc5_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb71e49dff08b0b611700089a1761c681b3a7cf37aceb5170d101abcc9eb4de9_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:701e71383caa3c9f4324fce081a3d855b0b40490befe73059639bd3a76edaf2b_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79adf5f5e810c51ad537dcffc7bbda938c4e0d12553aa1d8febd8585951ff56a_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af85a1009cb07e6bbe4c2a7c11c1e54cc0d501384ce6d4e1c51ad5eecb45aa38_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:dbd5a6f5e80eef1e067a99b8e65e3fdeb307ed0ed97934677647d40c4bd51dcc_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:14c597dc724cd3f98e513a1c1e2ff3e50b281a246602cee058fbc622e8d92fa7_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:686d6f4c4dd504b14e62fcd03530f091edfffc2be5155891f5d82b9c58e56bd6_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9f437263be063d2e3902109db98ab32f647cfbce50411120e5984f2ab1345f27_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e95da508631c5524f5edc9f70b361e5b0ae338fe4e73e4de624bf15927d9cfcd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:13ec12dbd30b98150decdd24899bac2317ccc8c5c45ee9c63c997cb638f78b9c_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:4b16d5c60cee1cc18761809af0d6ba951798130b42b841bf864d01be23a50a2c_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:7372caa729e72a6918f8402ebae0791c9d78c076e208142ff781552bd30d94d0_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c0f042494d44b018cc7afc45ad38d03fc1aa8d18de0183f817b3c7574512ec7c_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0b1cb981e4b8a930b29cf2aca2d7664f793b986ee15d1af2f2e130f153c13a9d_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:7577414d812fc586a27d06cd043c5a76a591e139905373694467ed61439a915d_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cfbff24ed9158e4c1742b81868e6f13d3e1d37cdffc003998400c7c67bc89186_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d79700db62eb731d3e86dff75ff2cf919221586e32edc586a4128612c5f2a0e4_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:2ccfcbba5b565de58a398894cd1482bc3ae5c093da239267412b84690cd7e003_s390x", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:3a749c09ebf4729139bdfbcd43ab071d2808b7d6f2fc7a03505d490000e00e4f_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7c2bf5e8e4a714eb534c16d447794694b1d8b3571c17699610ce8c4e2201ee08_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d7a7f1cfe8c63caa561350a05b0bab834bd97daed9de38d821122156cfac0544_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:8803e128a19be2c0069a2e37b4feefcb64a0b4975fff39c7e354b9573f41a7dd_ppc64le", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:afedcd883b00af7e41efd2f4c3a6fc53f3ef0e945d87430cb65813c807e39217_amd64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cd857ab339898bb5c1902075a58a7a03d3324c4100b7edc11f8c6026cfde909f_arm64", "8Base-RHACS-4.7:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f06e68ce3d778bb2a6f77394c78f3cef0eb926286d024f499cc14451dc978c80_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", }, ], }
RHSA-2024:10962
Vulnerability from csaf_redhat
Published
2024-12-11 16:47
Modified
2025-04-16 01:43
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release
Notes
Topic
A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released
Details
Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released", title: "Topic", }, { category: "general", text: "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10962", url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", url: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21536", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43796", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43799", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43800", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45296", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45590", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45811", url: "https://access.redhat.com/security/cve/CVE-2024-45811", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45812", url: "https://access.redhat.com/security/cve/CVE-2024-45812", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-47068", url: "https://access.redhat.com/security/cve/CVE-2024-47068", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10962.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release", tracking: { current_release_date: "2025-04-16T01:43:40+00:00", generator: { date: "2025-04-16T01:43:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:10962", initial_release_date: "2024-12-11T16:47:10+00:00", revision_history: [ { date: "2024-12-11T16:47:10+00:00", number: "1", summary: "Initial version", }, { date: "2025-03-25T16:47:10+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:43:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift distributed tracing 3.4", product: { name: "Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift distributed tracing", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aeebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-operator-bundle@sha256%3A44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3Abf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Ada3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3Aa7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ac81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Abb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3Ae7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3Ab541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ab0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3A44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Ab9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3Afe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-43796", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:28.106254+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311152", }, ], notes: [ { category: "description", text: "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", title: "Vulnerability description", }, { category: "summary", text: "express: Improper Input Handling in Express Redirects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "RHBZ#2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43796", url: "https://www.cve.org/CVERecord?id=CVE-2024-43796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", }, { category: "external", summary: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, ], release_date: "2024-09-10T15:15:17.510000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "express: Improper Input Handling in Express Redirects", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45296", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-09T19:20:18.127723+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310908", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: Backtracking regular expressions cause ReDoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "RHBZ#2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45296", url: "https://www.cve.org/CVERecord?id=CVE-2024-45296", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, ], release_date: "2024-09-09T19:15:13.330000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: Backtracking regular expressions cause ReDoS", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, { cve: "CVE-2024-45811", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-09-17T20:00:49.944925+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312930", }, ], notes: [ { category: "description", text: "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.", title: "Vulnerability description", }, { category: "summary", text: "vite: server.fs.deny is bypassed when using `?import&raw`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker's ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45811", }, { category: "external", summary: "RHBZ#2312930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312930", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45811", url: "https://www.cve.org/CVERecord?id=CVE-2024-45811", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", }, { category: "external", summary: "https://github.com/vitejs/vite", url: "https://github.com/vitejs/vite", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", url: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", url: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", url: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", url: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", url: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", url: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", }, ], release_date: "2024-09-17T18:44:12+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: server.fs.deny is bypassed when using `?import&raw`", }, { cve: "CVE-2024-45812", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-17T20:20:07.064245+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312935", }, ], notes: [ { category: "description", text: "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.", title: "Vulnerability description", }, { category: "summary", text: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", title: "Vulnerability summary", }, { category: "other", text: "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45812", }, { category: "external", summary: "RHBZ#2312935", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312935", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45812", url: "https://www.cve.org/CVERecord?id=CVE-2024-45812", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", url: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", url: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", }, { category: "external", summary: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", url: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", }, { category: "external", summary: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", url: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", }, { category: "external", summary: "https://scnps.co/papers/sp23_domclob.pdf", url: "https://scnps.co/papers/sp23_domclob.pdf", }, ], release_date: "2024-09-17T20:15:06.037000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", }, { cve: "CVE-2024-47068", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-23T16:20:20.383320+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314249", }, ], notes: [ { category: "description", text: "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.", title: "Vulnerability description", }, { category: "summary", text: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit—namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47068", }, { category: "external", summary: "RHBZ#2314249", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314249", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47068", url: "https://www.cve.org/CVERecord?id=CVE-2024-47068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", url: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", url: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", }, { category: "external", summary: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", url: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", }, ], release_date: "2024-09-23T16:15:06.947000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", }, ], }
rhsa-2024_9627
Vulnerability from csaf_redhat
Published
2024-11-14 08:35
Modified
2025-01-06 19:03
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.3
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.6.3
This update has a security impact of Moderate. A Common Vulnerability Scoring
System (CVSS) base score, which gives a detailed severity rating, is available
for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* kiali-ossmc-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8280)
* openshift-istio-kiali-rhel8-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8281)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh Containers for 2.6.3\n\nThis update has a security impact of Moderate. A Common Vulnerability Scoring\nSystem (CVSS) base score, which gives a detailed severity rating, is available\nfor each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* kiali-ossmc-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8280)\n\n* openshift-istio-kiali-rhel8-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8281)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:9627", url: "https://access.redhat.com/errata/RHSA-2024:9627", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9627.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.3", tracking: { current_release_date: "2025-01-06T19:03:25+00:00", generator: { date: "2025-01-06T19:03:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:9627", initial_release_date: "2024-11-14T08:35:32+00:00", revision_history: [ { date: "2024-11-14T08:35:32+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-14T08:35:32+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T19:03:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.6 for RHEL 8", product: { name: "RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el8", }, }, }, { category: "product_name", name: "RHOSSM 2.6 for RHEL 9", product: { name: "RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el9", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", relates_to_product_reference: "9Base-RHOSSM-2.6", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-14T08:35:32+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9627", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, ], }
RHSA-2024:11256
Vulnerability from csaf_redhat
Published
2024-12-17 11:08
Modified
2025-04-16 01:44
Summary
Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1
Notes
Topic
Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate
Details
Red Hat Trusted Profile Analyzer 1.2.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate", title: "Topic", }, { category: "general", text: "Red Hat Trusted Profile Analyzer 1.2.1", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:11256", url: "https://access.redhat.com/errata/RHSA-2024:11256", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1865", url: "https://issues.redhat.com/browse/TC-1865", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1873", url: "https://issues.redhat.com/browse/TC-1873", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1880", url: "https://issues.redhat.com/browse/TC-1880", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1892", url: "https://issues.redhat.com/browse/TC-1892", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1928", url: "https://issues.redhat.com/browse/TC-1928", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1947", url: "https://issues.redhat.com/browse/TC-1947", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1970", url: "https://issues.redhat.com/browse/TC-1970", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1868", url: "https://issues.redhat.com/browse/TC-1868", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1937", url: "https://issues.redhat.com/browse/TC-1937", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1795", url: "https://issues.redhat.com/browse/TC-1795", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1824", url: "https://issues.redhat.com/browse/TC-1824", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1870", url: "https://issues.redhat.com/browse/TC-1870", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21536", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21538", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-7254", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/", url: "https://access.redhat.com/security/updates/classification/", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11256.json", }, ], title: "Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1", tracking: { current_release_date: "2025-04-16T01:44:05+00:00", generator: { date: "2025-04-16T01:44:05+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:11256", initial_release_date: "2024-12-17T11:08:00+00:00", revision_history: [ { date: "2024-12-17T11:08:00+00:00", number: "1", summary: "Initial version", }, { date: "2025-03-25T11:08:00+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:44:05+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Trusted Profile Analyzer 1.2", product: { name: "Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2", product_identification_helper: { cpe: "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9", }, }, }, ], category: "product_family", name: "Red Hat Trusted Profile Analyzer", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", product: { name: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", product_id: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", product_identification_helper: { purl: "pkg:oci/rhtpa-guac-rhel9@sha256%3A9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30?arch=amd64&repository_url=registry.redhat.io/rhtpa&tag=1.2.1-1733575106", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64 as a component of Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", }, product_reference: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", relates_to_product_reference: "Red Hat Trusted Profile Analyzer 1.2", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T11:08:00+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11256", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T11:08:00+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11256", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-21538", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-11-08T13:44:29.182678+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2324550", }, ], notes: [ { category: "description", text: "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", title: "Vulnerability description", }, { category: "summary", text: "cross-spawn: regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "RHBZ#2324550", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2324550", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21538", url: "https://www.cve.org/CVERecord?id=CVE-2024-21538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", url: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", url: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/pull/160", url: "https://github.com/moxystudio/node-cross-spawn/pull/160", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", url: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", }, ], release_date: "2024-11-08T05:00:04.695000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T11:08:00+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11256", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "cross-spawn: regular expression denial of service", }, ], }
rhsa-2024:10917
Vulnerability from csaf_redhat
Published
2024-12-10 11:04
Modified
2025-04-16 01:43
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release
Notes
Topic
A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released
Details
Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released", title: "Topic", }, { category: "general", text: "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10917", url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", url: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21536", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43796", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43799", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43800", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45296", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45590", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45811", url: "https://access.redhat.com/security/cve/CVE-2024-45811", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45812", url: "https://access.redhat.com/security/cve/CVE-2024-45812", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-47068", url: "https://access.redhat.com/security/cve/CVE-2024-47068", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10917.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release", tracking: { current_release_date: "2025-04-16T01:43:28+00:00", generator: { date: "2025-04-16T01:43:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:10917", initial_release_date: "2024-12-10T11:04:35+00:00", revision_history: [ { date: "2024-12-10T11:04:35+00:00", number: "1", summary: "Initial version", }, { date: "2025-03-25T11:04:35+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:43:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift distributed tracing 3.4", product: { name: "Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift distributed tracing", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-operator-bundle@sha256%3Ae65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Afdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Abf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Aaebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Af2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Af454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Af6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Af5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-43796", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:28.106254+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311152", }, ], notes: [ { category: "description", text: "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", title: "Vulnerability description", }, { category: "summary", text: "express: Improper Input Handling in Express Redirects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "RHBZ#2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43796", url: "https://www.cve.org/CVERecord?id=CVE-2024-43796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", }, { category: "external", summary: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, ], release_date: "2024-09-10T15:15:17.510000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "express: Improper Input Handling in Express Redirects", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45296", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-09T19:20:18.127723+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310908", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: Backtracking regular expressions cause ReDoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "RHBZ#2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45296", url: "https://www.cve.org/CVERecord?id=CVE-2024-45296", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, ], release_date: "2024-09-09T19:15:13.330000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: Backtracking regular expressions cause ReDoS", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, { cve: "CVE-2024-45811", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-09-17T20:00:49.944925+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312930", }, ], notes: [ { category: "description", text: "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.", title: "Vulnerability description", }, { category: "summary", text: "vite: server.fs.deny is bypassed when using `?import&raw`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker's ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45811", }, { category: "external", summary: "RHBZ#2312930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312930", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45811", url: "https://www.cve.org/CVERecord?id=CVE-2024-45811", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", }, { category: "external", summary: "https://github.com/vitejs/vite", url: "https://github.com/vitejs/vite", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", url: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", url: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", url: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", url: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", url: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", url: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", }, ], release_date: "2024-09-17T18:44:12+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: server.fs.deny is bypassed when using `?import&raw`", }, { cve: "CVE-2024-45812", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-17T20:20:07.064245+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312935", }, ], notes: [ { category: "description", text: "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.", title: "Vulnerability description", }, { category: "summary", text: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", title: "Vulnerability summary", }, { category: "other", text: "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45812", }, { category: "external", summary: "RHBZ#2312935", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312935", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45812", url: "https://www.cve.org/CVERecord?id=CVE-2024-45812", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", url: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", url: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", }, { category: "external", summary: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", url: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", }, { category: "external", summary: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", url: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", }, { category: "external", summary: "https://scnps.co/papers/sp23_domclob.pdf", url: "https://scnps.co/papers/sp23_domclob.pdf", }, ], release_date: "2024-09-17T20:15:06.037000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", }, { cve: "CVE-2024-47068", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-23T16:20:20.383320+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314249", }, ], notes: [ { category: "description", text: "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.", title: "Vulnerability description", }, { category: "summary", text: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit—namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47068", }, { category: "external", summary: "RHBZ#2314249", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314249", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47068", url: "https://www.cve.org/CVERecord?id=CVE-2024-47068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", url: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", url: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", }, { category: "external", summary: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", url: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", }, ], release_date: "2024-09-23T16:15:06.947000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", }, ], }
rhsa-2024:11256
Vulnerability from csaf_redhat
Published
2024-12-17 11:08
Modified
2025-04-16 01:44
Summary
Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1
Notes
Topic
Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate
Details
Red Hat Trusted Profile Analyzer 1.2.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate", title: "Topic", }, { category: "general", text: "Red Hat Trusted Profile Analyzer 1.2.1", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:11256", url: "https://access.redhat.com/errata/RHSA-2024:11256", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1865", url: "https://issues.redhat.com/browse/TC-1865", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1873", url: "https://issues.redhat.com/browse/TC-1873", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1880", url: "https://issues.redhat.com/browse/TC-1880", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1892", url: "https://issues.redhat.com/browse/TC-1892", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1928", url: "https://issues.redhat.com/browse/TC-1928", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1947", url: "https://issues.redhat.com/browse/TC-1947", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1970", url: "https://issues.redhat.com/browse/TC-1970", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1868", url: "https://issues.redhat.com/browse/TC-1868", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1937", url: "https://issues.redhat.com/browse/TC-1937", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1795", url: "https://issues.redhat.com/browse/TC-1795", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1824", url: "https://issues.redhat.com/browse/TC-1824", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1870", url: "https://issues.redhat.com/browse/TC-1870", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21536", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21538", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-7254", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/", url: "https://access.redhat.com/security/updates/classification/", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11256.json", }, ], title: "Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1", tracking: { current_release_date: "2025-04-16T01:44:05+00:00", generator: { date: "2025-04-16T01:44:05+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:11256", initial_release_date: "2024-12-17T11:08:00+00:00", revision_history: [ { date: "2024-12-17T11:08:00+00:00", number: "1", summary: "Initial version", }, { date: "2025-03-25T11:08:00+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:44:05+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Trusted Profile Analyzer 1.2", product: { name: "Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2", product_identification_helper: { cpe: "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9", }, }, }, ], category: "product_family", name: "Red Hat Trusted Profile Analyzer", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", product: { name: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", product_id: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", product_identification_helper: { purl: "pkg:oci/rhtpa-guac-rhel9@sha256%3A9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30?arch=amd64&repository_url=registry.redhat.io/rhtpa&tag=1.2.1-1733575106", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64 as a component of Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", }, product_reference: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", relates_to_product_reference: "Red Hat Trusted Profile Analyzer 1.2", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T11:08:00+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11256", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T11:08:00+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11256", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-21538", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-11-08T13:44:29.182678+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2324550", }, ], notes: [ { category: "description", text: "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", title: "Vulnerability description", }, { category: "summary", text: "cross-spawn: regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "RHBZ#2324550", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2324550", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21538", url: "https://www.cve.org/CVERecord?id=CVE-2024-21538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", url: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", url: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/pull/160", url: "https://github.com/moxystudio/node-cross-spawn/pull/160", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", url: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", }, ], release_date: "2024-11-08T05:00:04.695000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T11:08:00+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11256", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "cross-spawn: regular expression denial of service", }, ], }
rhba-2024:9054
Vulnerability from csaf_redhat
Published
2024-11-11 01:39
Modified
2025-04-16 01:42
Summary
Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.1 bugfix release
Notes
Topic
Red Hat Developer Hub 1.3.1 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed,
customizable developer portal based on Backstage.io. RHDH is supported on
OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features
of RHDH include a single pane of glass, a centralized software catalog,
self-service via golden path templates, and Tech Docs. RHDH is extensible by
plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Developer Hub 1.3.1 has been released.", title: "Topic", }, { category: "general", text: "Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed,\ncustomizable developer portal based on Backstage.io. RHDH is supported on\nOpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features\nof RHDH include a single pane of glass, a centralized software catalog,\nself-service via golden path templates, and Tech Docs. RHDH is extensible by\nplugins.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2024:9054", url: "https://access.redhat.com/errata/RHBA-2024:9054", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.3", url: "https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.3", }, { category: "external", summary: "RHIDP-4343", url: "https://issues.redhat.com/browse/RHIDP-4343", }, { category: "external", summary: "RHIDP-4344", url: "https://issues.redhat.com/browse/RHIDP-4344", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_9054.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.1 bugfix release", tracking: { current_release_date: "2025-04-16T01:42:57+00:00", generator: { date: "2025-04-16T01:42:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHBA-2024:9054", initial_release_date: "2024-11-11T01:39:34+00:00", revision_history: [ { date: "2024-11-11T01:39:34+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-11T01:39:34+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:42:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Developer Hub 1.3 for RHEL 9", product: { name: "Red Hat Developer Hub 1.3 for RHEL 9", product_id: "9Base-RHDH-1.3", product_identification_helper: { cpe: "cpe:/a:redhat:rhdh:1.3::el9", }, }, }, ], category: "product_family", name: "Red Hat Developer Hub", }, { branches: [ { category: "product_version", name: "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", product: { name: "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", product_id: "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", product_identification_helper: { purl: "pkg:oci/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314?arch=amd64&repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9&tag=1.3-124", }, }, }, { category: "product_version", name: "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", product: { name: "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", product_id: "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", product_identification_helper: { purl: "pkg:oci/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295?arch=amd64&repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle&tag=1.3-118", }, }, }, { category: "product_version", name: "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", product: { name: "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", product_id: "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", product_identification_helper: { purl: "pkg:oci/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167?arch=amd64&repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator&tag=1.3-119", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9", product_id: "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", }, product_reference: "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", relates_to_product_reference: "9Base-RHDH-1.3", }, { category: "default_component_of", full_product_name: { name: "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9", product_id: "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", }, product_reference: "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", relates_to_product_reference: "9Base-RHDH-1.3", }, { category: "default_component_of", full_product_name: { name: "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9", product_id: "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", }, product_reference: "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", relates_to_product_reference: "9Base-RHDH-1.3", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], known_not_affected: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-11T01:39:34+00:00", details: "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:9054", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-37890", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-06-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2292777", }, ], notes: [ { category: "description", text: "A flaw was found in the Node.js WebSocket library (ws). A request with several headers exceeding the 'server.maxHeadersCount' threshold could be used to crash a ws server, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-ws: denial of service when handling a request with many HTTP headers", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], known_not_affected: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-37890", }, { category: "external", summary: "RHBZ#2292777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2292777", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-37890", url: "https://www.cve.org/CVERecord?id=CVE-2024-37890", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-37890", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-37890", }, { category: "external", summary: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", url: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", }, ], release_date: "2024-06-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-11T01:39:34+00:00", details: "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:9054", }, { category: "workaround", details: "The issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. The issue can be mitigated also by seting server.maxHeadersCount to 0.", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nodejs-ws: denial of service when handling a request with many HTTP headers", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], known_not_affected: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-11T01:39:34+00:00", details: "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:9054", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, ], }
rhsa-2024:9627
Vulnerability from csaf_redhat
Published
2024-11-14 08:35
Modified
2025-04-16 01:43
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.3
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.6.3
This update has a security impact of Moderate. A Common Vulnerability Scoring
System (CVSS) base score, which gives a detailed severity rating, is available
for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* kiali-ossmc-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8280)
* openshift-istio-kiali-rhel8-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8281)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh Containers for 2.6.3\n\nThis update has a security impact of Moderate. A Common Vulnerability Scoring\nSystem (CVSS) base score, which gives a detailed severity rating, is available\nfor each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* kiali-ossmc-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8280)\n\n* openshift-istio-kiali-rhel8-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8281)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:9627", url: "https://access.redhat.com/errata/RHSA-2024:9627", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9627.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.3", tracking: { current_release_date: "2025-04-16T01:43:10+00:00", generator: { date: "2025-04-16T01:43:10+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:9627", initial_release_date: "2024-11-14T08:35:32+00:00", revision_history: [ { date: "2024-11-14T08:35:32+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-14T08:35:32+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:43:10+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.6 for RHEL 8", product: { name: "RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el8", }, }, }, { category: "product_name", name: "RHOSSM 2.6 for RHEL 9", product: { name: "RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el9", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", relates_to_product_reference: "9Base-RHOSSM-2.6", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-14T08:35:32+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9627", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, ], }
rhsa-2024:11255
Vulnerability from csaf_redhat
Published
2024-12-17 10:22
Modified
2025-04-16 01:43
Summary
Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1
Notes
Topic
Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate
Details
Red Hat Trusted Profile Analyzer 1.2.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate", title: "Topic", }, { category: "general", text: "Red Hat Trusted Profile Analyzer 1.2.1", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:11255", url: "https://access.redhat.com/errata/RHSA-2024:11255", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1865", url: "https://issues.redhat.com/browse/TC-1865", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1873", url: "https://issues.redhat.com/browse/TC-1873", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1880", url: "https://issues.redhat.com/browse/TC-1880", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1892", url: "https://issues.redhat.com/browse/TC-1892", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1928", url: "https://issues.redhat.com/browse/TC-1928", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1947", url: "https://issues.redhat.com/browse/TC-1947", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1970", url: "https://issues.redhat.com/browse/TC-1970", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1868", url: "https://issues.redhat.com/browse/TC-1868", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1937", url: "https://issues.redhat.com/browse/TC-1937", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1795", url: "https://issues.redhat.com/browse/TC-1795", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1824", url: "https://issues.redhat.com/browse/TC-1824", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1870", url: "https://issues.redhat.com/browse/TC-1870", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21536", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21538", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-7254", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/", url: "https://access.redhat.com/security/updates/classification/", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11255.json", }, ], title: "Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1", tracking: { current_release_date: "2025-04-16T01:43:52+00:00", generator: { date: "2025-04-16T01:43:52+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:11255", initial_release_date: "2024-12-17T10:22:51+00:00", revision_history: [ { date: "2024-12-17T10:22:51+00:00", number: "1", summary: "Initial version", }, { date: "2025-03-25T10:22:51+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:43:52+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Trusted Profile Analyzer 1.2", product: { name: "Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2", product_identification_helper: { cpe: "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9", }, }, }, ], category: "product_family", name: "Red Hat Trusted Profile Analyzer", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", product: { name: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", product_id: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", product_identification_helper: { purl: "pkg:oci/rhtpa-trustification-service-rhel9@sha256%3A8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe?arch=amd64&repository_url=registry.redhat.io/rhtpa&tag=1.2.1-1733826968", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64 as a component of Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", }, product_reference: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", relates_to_product_reference: "Red Hat Trusted Profile Analyzer 1.2", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T10:22:51+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11255", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T10:22:51+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11255", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-21538", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-11-08T13:44:29.182678+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2324550", }, ], notes: [ { category: "description", text: "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", title: "Vulnerability description", }, { category: "summary", text: "cross-spawn: regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "RHBZ#2324550", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2324550", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21538", url: "https://www.cve.org/CVERecord?id=CVE-2024-21538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", url: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", url: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/pull/160", url: "https://github.com/moxystudio/node-cross-spawn/pull/160", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", url: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", }, ], release_date: "2024-11-08T05:00:04.695000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T10:22:51+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11255", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "cross-spawn: regular expression denial of service", }, ], }
rhsa-2024_11256
Vulnerability from csaf_redhat
Published
2024-12-17 11:08
Modified
2025-01-06 18:55
Summary
Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1
Notes
Topic
Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate
Details
Red Hat Trusted Profile Analyzer 1.2.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate", title: "Topic", }, { category: "general", text: "Red Hat Trusted Profile Analyzer 1.2.1", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:11256", url: "https://access.redhat.com/errata/RHSA-2024:11256", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1865", url: "https://issues.redhat.com/browse/TC-1865", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1873", url: "https://issues.redhat.com/browse/TC-1873", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1880", url: "https://issues.redhat.com/browse/TC-1880", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1892", url: "https://issues.redhat.com/browse/TC-1892", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1928", url: "https://issues.redhat.com/browse/TC-1928", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1947", url: "https://issues.redhat.com/browse/TC-1947", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1970", url: "https://issues.redhat.com/browse/TC-1970", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1868", url: "https://issues.redhat.com/browse/TC-1868", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1937", url: "https://issues.redhat.com/browse/TC-1937", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1795", url: "https://issues.redhat.com/browse/TC-1795", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1824", url: "https://issues.redhat.com/browse/TC-1824", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1870", url: "https://issues.redhat.com/browse/TC-1870", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11256.json", }, ], title: "Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1", tracking: { current_release_date: "2025-01-06T18:55:08+00:00", generator: { date: "2025-01-06T18:55:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:11256", initial_release_date: "2024-12-17T11:08:00+00:00", revision_history: [ { date: "2024-12-17T11:08:00+00:00", number: "1", summary: "Initial version", }, { date: "2024-12-17T11:08:00+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T18:55:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Trusted Profile Analyzer 1.2", product: { name: "Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2", product_identification_helper: { cpe: "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9", }, }, }, ], category: "product_family", name: "Red Hat Trusted Profile Analyzer", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", product: { name: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", product_id: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", product_identification_helper: { purl: "pkg:oci/rhtpa-guac-rhel9@sha256%3A9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30?arch=amd64&repository_url=registry.redhat.io/rhtpa&tag=1.2.1-1733575106", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64 as a component of Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", }, product_reference: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", relates_to_product_reference: "Red Hat Trusted Profile Analyzer 1.2", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T11:08:00+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11256", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T11:08:00+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11256", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-21538", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-11-08T13:44:29.182678+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2324550", }, ], notes: [ { category: "description", text: "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", title: "Vulnerability description", }, { category: "summary", text: "cross-spawn: regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "RHBZ#2324550", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2324550", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21538", url: "https://www.cve.org/CVERecord?id=CVE-2024-21538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", url: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", url: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/pull/160", url: "https://github.com/moxystudio/node-cross-spawn/pull/160", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", url: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", }, ], release_date: "2024-11-08T05:00:04.695000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T11:08:00+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11256", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "cross-spawn: regular expression denial of service", }, ], }
rhba-2024:11265
Vulnerability from csaf_redhat
Published
2024-12-17 15:12
Modified
2025-04-16 01:44
Summary
Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.4.0 release.
Notes
Topic
Red Hat Developer Hub 1.4 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Developer Hub 1.4 has been released.", title: "Topic", }, { category: "general", text: "Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2024:11265", url: "https://access.redhat.com/errata/RHBA-2024:11265", }, { category: "external", summary: "https://developers.redhat.com/rhdh/overview", url: "https://developers.redhat.com/rhdh/overview", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_developer_hub", url: "https://docs.redhat.com/en/documentation/red_hat_developer_hub", }, { category: "external", summary: "https://catalog.redhat.com/search?gs&searchType=containers&q=rhdh", url: "https://catalog.redhat.com/search?gs&searchType=containers&q=rhdh", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21536", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21538", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45296", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45590", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45815", url: "https://access.redhat.com/security/cve/CVE-2024-45815", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45816", url: "https://access.redhat.com/security/cve/CVE-2024-45816", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-46976", url: "https://access.redhat.com/security/cve/CVE-2024-46976", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-47762", url: "https://access.redhat.com/security/cve/CVE-2024-47762", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_11265.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.4.0 release.", tracking: { current_release_date: "2025-04-16T01:44:17+00:00", generator: { date: "2025-04-16T01:44:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHBA-2024:11265", initial_release_date: "2024-12-17T15:12:17+00:00", revision_history: [ { date: "2024-12-17T15:12:17+00:00", number: "1", summary: "Initial version", }, { date: "2025-02-12T15:12:17+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:44:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Developer Hub (RHDH) 1.4", product: { name: "Red Hat Developer Hub (RHDH) 1.4", product_id: "Red Hat Developer Hub (RHDH) 1.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhdh:1.4::el9", }, }, }, ], category: "product_family", name: "Red Hat Developer Hub (RHDH)", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", product: { name: "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", product_id: "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", product_identification_helper: { purl: "pkg:oci/rhdh-hub-rhel9@sha256%3A48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3?arch=amd64&repository_url=registry.redhat.io/rhdh&tag=1.4-1734106454", }, }, }, { category: "product_version", name: "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", product: { name: "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", product_id: "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", product_identification_helper: { purl: "pkg:oci/rhdh-rhel9-operator@sha256%3A448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721?arch=amd64&repository_url=registry.redhat.io/rhdh&tag=1.4-1734106469", }, }, }, { category: "product_version", name: "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", product: { name: "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", product_id: "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", product_identification_helper: { purl: "pkg:oci/rhdh-operator-bundle@sha256%3A2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15?arch=amd64&repository_url=registry.redhat.io/rhdh&tag=1.4-1734113472", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4", product_id: "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", }, product_reference: "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", relates_to_product_reference: "Red Hat Developer Hub (RHDH) 1.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4", product_id: "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", }, product_reference: "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", relates_to_product_reference: "Red Hat Developer Hub (RHDH) 1.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4", product_id: "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", }, product_reference: "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", relates_to_product_reference: "Red Hat Developer Hub (RHDH) 1.4", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], known_not_affected: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T15:12:17+00:00", details: "For more about Red Hat Developer Hub, see References links", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:11265", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-21538", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-11-08T13:44:29.182678+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2324550", }, ], notes: [ { category: "description", text: "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", title: "Vulnerability description", }, { category: "summary", text: "cross-spawn: regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], known_not_affected: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "RHBZ#2324550", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2324550", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21538", url: "https://www.cve.org/CVERecord?id=CVE-2024-21538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", url: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", url: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/pull/160", url: "https://github.com/moxystudio/node-cross-spawn/pull/160", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", url: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", }, ], release_date: "2024-11-08T05:00:04.695000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T15:12:17+00:00", details: "For more about Red Hat Developer Hub, see References links", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:11265", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "cross-spawn: regular expression denial of service", }, { cve: "CVE-2024-45296", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-09T19:20:18.127723+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310908", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: Backtracking regular expressions cause ReDoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], known_not_affected: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "RHBZ#2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45296", url: "https://www.cve.org/CVERecord?id=CVE-2024-45296", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, ], release_date: "2024-09-09T19:15:13.330000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T15:12:17+00:00", details: "For more about Red Hat Developer Hub, see References links", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:11265", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: Backtracking regular expressions cause ReDoS", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], known_not_affected: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T15:12:17+00:00", details: "For more about Red Hat Developer Hub, see References links", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:11265", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, { cve: "CVE-2024-45815", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2024-09-17T21:20:06.780788+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312952", }, ], notes: [ { category: "description", text: "A flaw was found in the backstage/plugin-catalog-backend package. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API.", title: "Vulnerability description", }, { category: "summary", text: "plugin-catalog-backend: prototype pollution vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], known_not_affected: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45815", }, { category: "external", summary: "RHBZ#2312952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312952", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45815", url: "https://www.cve.org/CVERecord?id=CVE-2024-45815", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45815", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45815", }, { category: "external", summary: "https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j", url: "https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j", }, ], release_date: "2024-09-17T21:15:12.320000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T15:12:17+00:00", details: "For more about Red Hat Developer Hub, see References links", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:11265", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "plugin-catalog-backend: prototype pollution vulnerability", }, { cve: "CVE-2024-45816", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-09-17T21:20:09.051855+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312953", }, ], notes: [ { category: "description", text: "A directory traversal vulnerability was found in the backstage/plugin-techdocs-backend package. When using the AWS S3 or GCS storage provider for TechDocs, it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage.", title: "Vulnerability description", }, { category: "summary", text: "plugin-techdocs-backend: storage bucket directory traversal in TechDocs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], known_not_affected: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45816", }, { category: "external", summary: "RHBZ#2312953", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312953", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45816", url: "https://www.cve.org/CVERecord?id=CVE-2024-45816", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45816", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45816", }, { category: "external", summary: "https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g", url: "https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g", }, ], release_date: "2024-09-17T21:15:12.553000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T15:12:17+00:00", details: "For more about Red Hat Developer Hub, see References links", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:11265", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "plugin-techdocs-backend: storage bucket directory traversal in TechDocs", }, { cve: "CVE-2024-46976", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-09-17T21:20:11.815685+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312954", }, ], notes: [ { category: "description", text: "A flaw was found in the backstage/plugin-techdocs-backend package. An attacker with control of the contents of the TechDocs storage buckets may be able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link.", title: "Vulnerability description", }, { category: "summary", text: "plugin-techdocs-backend: circumvention of XSS protection in TechDocs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], known_not_affected: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-46976", }, { category: "external", summary: "RHBZ#2312954", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312954", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-46976", url: "https://www.cve.org/CVERecord?id=CVE-2024-46976", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-46976", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-46976", }, { category: "external", summary: "https://github.com/backstage/backstage/security/advisories/GHSA-5j94-f3mf-8685", url: "https://github.com/backstage/backstage/security/advisories/GHSA-5j94-f3mf-8685", }, ], release_date: "2024-09-17T21:15:12.763000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T15:12:17+00:00", details: "For more about Red Hat Developer Hub, see References links", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:11265", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "plugin-techdocs-backend: circumvention of XSS protection in TechDocs", }, { cve: "CVE-2024-47762", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2024-10-03T18:01:14.495619+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316342", }, ], notes: [ { category: "description", text: "A flaw was found in the backstage/plugin-app-backend package. Configurations supplied through APP_CONFIG_* environment variables unexpectedly ignore the visibility defined in the configuration schema, potentially exposing sensitive configuration details intended to remain private or restricted to backend processes.", title: "Vulnerability description", }, { category: "summary", text: "backstage/plugin-app-backend: Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], known_not_affected: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47762", }, { category: "external", summary: "RHBZ#2316342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47762", url: "https://www.cve.org/CVERecord?id=CVE-2024-47762", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47762", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47762", }, { category: "external", summary: "https://github.com/backstage/backstage/commit/323e6129073c5cb4cc106a1239eaec31a129554f", url: "https://github.com/backstage/backstage/commit/323e6129073c5cb4cc106a1239eaec31a129554f", }, { category: "external", summary: "https://github.com/backstage/backstage/security/advisories/GHSA-qc4v-xq2m-65wc", url: "https://github.com/backstage/backstage/security/advisories/GHSA-qc4v-xq2m-65wc", }, ], release_date: "2024-10-03T17:14:34.529000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T15:12:17+00:00", details: "For more about Red Hat Developer Hub, see References links", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:11265", }, { category: "workaround", details: "Avoid supplying secrets using the APP_CONFIG_* configuration pattern. Consider alternative methods such as the environment variable substitution.\n\nSee this link for more information about environment variable substitution: https://backstage.io/docs/conf/writing/#environment-variable-substitution", product_ids: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "backstage/plugin-app-backend: Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend", }, ], }
rhsa-2024_10917
Vulnerability from csaf_redhat
Published
2024-12-10 11:04
Modified
2025-01-06 18:54
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release
Notes
Topic
A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released
Details
Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released", title: "Topic", }, { category: "general", text: "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10917", url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", url: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10917.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release", tracking: { current_release_date: "2025-01-06T18:54:35+00:00", generator: { date: "2025-01-06T18:54:35+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:10917", initial_release_date: "2024-12-10T11:04:35+00:00", revision_history: [ { date: "2024-12-10T11:04:35+00:00", number: "1", summary: "Initial version", }, { date: "2024-12-10T11:04:35+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T18:54:35+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift distributed tracing 3.4", product: { name: "Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift distributed tracing", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-operator-bundle@sha256%3Ae65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Afdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Abf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Aaebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Af2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Af454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Af6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Af5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-43796", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:28.106254+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311152", }, ], notes: [ { category: "description", text: "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", title: "Vulnerability description", }, { category: "summary", text: "express: Improper Input Handling in Express Redirects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "RHBZ#2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43796", url: "https://www.cve.org/CVERecord?id=CVE-2024-43796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", }, { category: "external", summary: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, ], release_date: "2024-09-10T15:15:17.510000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "express: Improper Input Handling in Express Redirects", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45296", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-09T19:20:18.127723+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310908", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: Backtracking regular expressions cause ReDoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "RHBZ#2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45296", url: "https://www.cve.org/CVERecord?id=CVE-2024-45296", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, ], release_date: "2024-09-09T19:15:13.330000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: Backtracking regular expressions cause ReDoS", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, { cve: "CVE-2024-45811", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-09-17T20:00:49.944925+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312930", }, ], notes: [ { category: "description", text: "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.", title: "Vulnerability description", }, { category: "summary", text: "vite: server.fs.deny is bypassed when using `?import&raw`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker's ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45811", }, { category: "external", summary: "RHBZ#2312930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312930", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45811", url: "https://www.cve.org/CVERecord?id=CVE-2024-45811", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", }, { category: "external", summary: "https://github.com/vitejs/vite", url: "https://github.com/vitejs/vite", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", url: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", url: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", url: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", url: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", url: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", url: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", }, ], release_date: "2024-09-17T18:44:12+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: server.fs.deny is bypassed when using `?import&raw`", }, { cve: "CVE-2024-45812", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-17T20:20:07.064245+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312935", }, ], notes: [ { category: "description", text: "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.", title: "Vulnerability description", }, { category: "summary", text: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", title: "Vulnerability summary", }, { category: "other", text: "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45812", }, { category: "external", summary: "RHBZ#2312935", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312935", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45812", url: "https://www.cve.org/CVERecord?id=CVE-2024-45812", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", url: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", url: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", }, { category: "external", summary: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", url: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", }, { category: "external", summary: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", url: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", }, { category: "external", summary: "https://scnps.co/papers/sp23_domclob.pdf", url: "https://scnps.co/papers/sp23_domclob.pdf", }, ], release_date: "2024-09-17T20:15:06.037000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", }, { cve: "CVE-2024-47068", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-23T16:20:20.383320+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314249", }, ], notes: [ { category: "description", text: "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.", title: "Vulnerability description", }, { category: "summary", text: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit—namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47068", }, { category: "external", summary: "RHBZ#2314249", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314249", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47068", url: "https://www.cve.org/CVERecord?id=CVE-2024-47068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", url: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", url: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", }, { category: "external", summary: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", url: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", }, ], release_date: "2024-09-23T16:15:06.947000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-10T11:04:35+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10917", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", }, ], }
rhsa-2025:3929
Vulnerability from csaf_redhat
Published
2025-04-15 19:52
Modified
2025-04-18 10:57
Summary
Red Hat Security Advisory: ACS 4.6 enhancement and security update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security (RHACS).
Details
This release of RHACS fixes the following bugs:
* Fixed an issue where Central could perform image scans even when delegated scanning was enabled, due to a race condition during Sensor reconnection.
* Fixed an issue where mismatched aggregation fields in Compliance tables and widgets caused inconsistent percentage displays.
* Fixed an issue where you ran into Google Kubernetes Engine (GKE) compatibility test failures because the tests still used a deprecated service in RHACS 4.6.
* Fixed an issue where you could see the Configuration Management page despite only having Alert permissions, resulting in role-based access control (RBAC) errors.
* Fixed an issue where verifying multi-signed images failed due to incorrect error handling.
This release of RHACS fixes the following security vulnerabilities:
CVE-2024-21536: Flaw in http-proxy-middleware allowed denial of service through unhandled promise rejections in micromatch.
CVE-2025-30204: Flaw in jwt-go allowed excessive memory allocation during header parsing, which could lead to a possible denial of service.
CVE-2024-57083: Flaw in redoc allowed prototypes in mergeObjects to be tainted, which allowed a denial of service through crafted payloads.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated images are now available for Red Hat Advanced Cluster Security (RHACS).", title: "Topic", }, { category: "general", text: "This release of RHACS fixes the following bugs:\n\n* Fixed an issue where Central could perform image scans even when delegated scanning was enabled, due to a race condition during Sensor reconnection.\n\n* Fixed an issue where mismatched aggregation fields in Compliance tables and widgets caused inconsistent percentage displays.\n\n* Fixed an issue where you ran into Google Kubernetes Engine (GKE) compatibility test failures because the tests still used a deprecated service in RHACS 4.6.\n\n* Fixed an issue where you could see the Configuration Management page despite only having Alert permissions, resulting in role-based access control (RBAC) errors.\n\n* Fixed an issue where verifying multi-signed images failed due to incorrect error handling.\n\nThis release of RHACS fixes the following security vulnerabilities:\n\nCVE-2024-21536: Flaw in http-proxy-middleware allowed denial of service through unhandled promise rejections in micromatch.\n\nCVE-2025-30204: Flaw in jwt-go allowed excessive memory allocation during header parsing, which could lead to a possible denial of service.\n\nCVE-2024-57083: Flaw in redoc allowed prototypes in mergeObjects to be tainted, which allowed a denial of service through crafted payloads.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2025:3929", url: "https://access.redhat.com/errata/RHSA-2025:3929", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.6/html/release_notes/release-notes-46", url: "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.6/html/release_notes/release-notes-46", }, { category: "external", summary: "2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "2354195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", }, { category: "external", summary: "2355865", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2355865", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3929.json", }, ], title: "Red Hat Security Advisory: ACS 4.6 enhancement and security update", tracking: { current_release_date: "2025-04-18T10:57:13+00:00", generator: { date: "2025-04-18T10:57:13+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2025:3929", initial_release_date: "2025-04-15T19:52:32+00:00", revision_history: [ { date: "2025-04-15T19:52:32+00:00", number: "1", summary: "Initial version", }, { date: "2025-04-15T19:52:32+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-18T10:57:13+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHACS 4.6 for RHEL 8", product: { name: "RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6", product_identification_helper: { cpe: "cpe:/a:redhat:advanced_cluster_security:4.6::el8", }, }, }, ], category: "product_family", name: "Red Hat Advanced Cluster Security for Kubernetes", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", product: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", product_id: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160?arch=ppc64le&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.6.5-1", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", product: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", product_id: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e?arch=s390x&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.6.5-1", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", product: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", product_id: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808?arch=amd64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.6.5-1", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", product: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", product_id: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", product: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", product_id: "advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", product: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", product_id: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", product: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", product_id: "advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", product: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", product_id: "advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", product: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", product_id: "advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", product: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", product_id: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", product_id: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", product_id: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", product_id: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", product_id: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", product_id: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8&tag=4.6.5-1", }, }, }, { category: "product_version", name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", product: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", product_id: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", product_identification_helper: { purl: "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00?arch=arm64&repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8&tag=4.6.5-1", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", }, product_reference: "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", }, product_reference: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", }, product_reference: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", }, product_reference: "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", }, product_reference: "advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", }, product_reference: "advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", }, product_reference: "advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", }, product_reference: "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", relates_to_product_reference: "8Base-RHACS-4.6", }, { category: "default_component_of", full_product_name: { name: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64 as a component of RHACS 4.6 for RHEL 8", product_id: "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", }, product_reference: "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", relates_to_product_reference: "8Base-RHACS-4.6", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-15T19:52:32+00:00", details: "If you are using an earlier version of RHACS 4.6, you are advised to upgrade to patch release 4.6.5.", product_ids: [ "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3929", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-57083", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, discovery_date: "2025-03-28T21:01:02.993057+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2355865", }, ], notes: [ { category: "description", text: "A flaw was found in redoc. This vulnerability can allow an attacker to cause a Denial of Service (DoS) via supplying a crafted payload.", title: "Vulnerability description", }, { category: "summary", text: "redoc: Prototype Pollution in redoc", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as an Important severity because it allows attackers to exploit a prototype pollution issue in the Module.mergeObjects method by crafting a malicious payload. An attacker can alter the built-in Object.prototype, causing a Denial of Service (DoS) condition, leading to system instability, impacting the availability of the affected system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-57083", }, { category: "external", summary: "RHBZ#2355865", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2355865", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-57083", url: "https://www.cve.org/CVERecord?id=CVE-2024-57083", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-57083", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-57083", }, { category: "external", summary: "https://github.com/Redocly/redoc/issues/2499", url: "https://github.com/Redocly/redoc/issues/2499", }, ], release_date: "2025-03-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-15T19:52:32+00:00", details: "If you are using an earlier version of RHACS 4.6, you are advised to upgrade to patch release 4.6.5.", product_ids: [ "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3929", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "redoc: Prototype Pollution in redoc", }, { cve: "CVE-2025-30204", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2025-03-21T22:00:43.818367+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2354195", }, ], notes: [ { category: "description", text: "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-30204", }, { category: "external", summary: "RHBZ#2354195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-30204", url: "https://www.cve.org/CVERecord?id=CVE-2025-30204", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", }, { category: "external", summary: "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", url: "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", }, { category: "external", summary: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", url: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", }, ], release_date: "2025-03-21T21:42:01.382000+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-15T19:52:32+00:00", details: "If you are using an earlier version of RHACS 4.6, you are advised to upgrade to patch release 4.6.5.", product_ids: [ "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3929", }, { category: "workaround", details: "Red Hat Product Security does not have a recommended mitigation at this time.", product_ids: [ "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2ff5300da6d6d3c4e3930e22800ae513e70367964a73d07012f707401946c989_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a936b4e9dd1873252fd775aebe0df4e13c0f7edaf8b70842b41e63b3274395c5_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:cf163aa59852d342774011e7e76edee3286d5c2d2b1ec75d894524b0380a03f1_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e7fed901c01af2759c4c4b9cc6adc7f938040ef3c3d8d9f4663312200cc110ce_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1216828fbb569d90cd7d8e24ca031b7943b9fe8318cfc7d82afc5ca92c044242_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:1821c4889efb4760683a7eb2011273456e0290ffcdefd3f74cab8be149af6829_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:bb71169ae6b7a37bb152b23213bdc41bfe5ee3f4af7516afa0e04797a65ee238_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-rhel8@sha256:d516bc18fab4994a415d0a83483b0c5cb494532b69849c46794fa3a8989f014a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:691c46fef5b28ad5d9d0a0f7fd8266fe11e5842456e0061530b94d462ce9eb6e_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8fc763cbcca9cc063defc3af2ae37018e3a0b9aaf49f36ffc53574dc334fc5b8_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:a2b20da53e3f39edef80dd421ef63ed678a412d3693f176770280726da8b8785_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e52a6b01bba06bcb2d72ac44086764f0f1fdff5cc509a14dc99e2f2493901d72_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:3e6cc4455296e470e77428de4501a3753f8201f8f9120416e2f5d9923b653f49_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:a355f88314a82359cd810e495db9dc115db31d5cc1d3a1ac768d8af5c85f6793_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:d9e5bb842c42a8b70a9bf715ed38348b2a0b49ca2f14231c87900ac05fae22c0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-main-rhel8@sha256:f4e2d40b454919fbc2cbaf7c05b03ae139a91113012186742d33b43f3f06f913_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:5d64206745609065f87768999d0043f170bf6d1ff6125c2fb446c1095e2877b3_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:8ed7233224146a80cd6cb5eb38a0163fc97e383bb1cf1d5892a855c6910d10e6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:f61189397263f05214c2d36b4dc0a71a924c2481a1e365b7fb3c71d8dfce6b27_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-operator-bundle@sha256:ffe3e5a19d00090ab1e34a263f8046d9dda5dd3eb7c3bfe7f8c523630eea2f5e_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:0d39a8d67d1891c7a0fd0974ccbe3058f06e7193eb172e2c274bc2a48bf09055_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:2f9b4eb04d86666e14e2dbb8c9256f07b0975c703ad8141d49451f6e78687ff0_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:65b60da1cd8857cda94388ade34fc8d39dd5dcdaea6c9684fac00f3bbca78f45_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-rhel8-operator@sha256:f67d798d415212bccbcd0c7a7515615110fafcdb6552bbf63f450c39fe5f3995_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:07555f5f5a95cfc0f52d0c4d3cdb3d2561eb2b8c0c6e2382ef509e39d26d782f_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:91acf7017e8d4779ed97c825d7efa0911cfabeb1522691272927a26231d82606_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c2d35dd6b079897440e6481726fadd47b40d19c66a56fb629631a551670cb6d4_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:d09ad7960283a4eec943b1972ede55be7fce871ae12de0a6c66edabd27028cf7_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:499fba961ca391b48d5ded56cb495f4e12c917518c2b0bd35aa35f19eb155dfa_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b7062ee50bf674108a36d62a0cb361aefb19f02b858a00778ca81dcb648fffa6_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:c634a2ad9aeccc03e9b3c5677ff77a657004e9563602b00561a65898936cf25c_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ea988842c29a9fe4dd484244d8d5dc42a4c59f8fc8694b0277cefb2f16d3044d_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:06bf71b53e9b0be8b81170e6830d52f4fcff65506c76302df08325e2b6d8d064_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:20cf7f2dac6c78237ae330279499bfd61e1b36141450d055c8973e29f91f4d57_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:6f6affe109b5a27aa482ca039e170c052aa0910fb0ea74e71d09ae721cdec774_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c9127e2bd083f31daaba61481f0b20f350b1ce220c2be68fd9e90140e4552542_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:3177485031ee133793c505dc62cd5dd0368dd08ccdd8d3fd8e2c1c5235812323_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:72725aabbc30533ab7462d2734e458edf5a507f4f4debd94d6666b0b9a870b3d_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:82f27d7a89b86e6a8169051b4c8b73472fc31a18fc32e33e766a1acc42cb2d4c_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-rhel8@sha256:b95cab7b90996835a71c6dc622f5a8ca50d859b62347b8e6069ef445e06f83e8_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0215c995567b9d84b26c86a7b3f5188fefcc6b19c61368a7f2858f2aaf5f6272_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:73699d2d22b5a8e31312af145d4bf81fb0e60d6137c15823baf3b15d72ce31f9_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:9e4d46329cb1206ac1cd4f5c9cb880ed1667d482cc3edb5054dbb93aecc388fc_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c1e39493afc64151bfe28fafd25a67bcee6537bcd71be34365d9f34974fe5ef1_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:358c1492882e11fad56cea686cd080efb47bba579ff65065740dcb7a8868bc00_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:ab8dfc60413a00ee0775908e6f4539a24d5e431d5226aa5c86600709e9658160_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:c60c61bb1478e728497e352922238e148be179d968fd0c5f013a644320559f3e_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:d0bb3b155f7677f77f8b8c165686e71f3925243d51c751635882b71fdd57b808_amd64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:5c00eee9d5ec885e9d68a64ab34e6dc15206c52feed3b0f24011272b79bda178_s390x", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:6a00c495fd232292d8cf686effb73dbd599e422e4aa77561ea91c90910e60a4a_ppc64le", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:73278d1ada48dbddf597f224ad347c86167bf02cb8f74a1d19847863c2c67063_arm64", "8Base-RHACS-4.6:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f6c5fc651e644b281e86e029e10b9bf78bbc5622e9fa6394d28ac490fce322ae_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", }, ], }
rhsa-2024_11255
Vulnerability from csaf_redhat
Published
2024-12-17 10:22
Modified
2025-01-06 18:54
Summary
Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1
Notes
Topic
Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate
Details
Red Hat Trusted Profile Analyzer 1.2.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Trusted Profile Analyzer 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Moderate", title: "Topic", }, { category: "general", text: "Red Hat Trusted Profile Analyzer 1.2.1", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:11255", url: "https://access.redhat.com/errata/RHSA-2024:11255", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1865", url: "https://issues.redhat.com/browse/TC-1865", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1873", url: "https://issues.redhat.com/browse/TC-1873", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1880", url: "https://issues.redhat.com/browse/TC-1880", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1892", url: "https://issues.redhat.com/browse/TC-1892", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1928", url: "https://issues.redhat.com/browse/TC-1928", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1947", url: "https://issues.redhat.com/browse/TC-1947", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1970", url: "https://issues.redhat.com/browse/TC-1970", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1868", url: "https://issues.redhat.com/browse/TC-1868", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1937", url: "https://issues.redhat.com/browse/TC-1937", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1795", url: "https://issues.redhat.com/browse/TC-1795", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1824", url: "https://issues.redhat.com/browse/TC-1824", }, { category: "external", summary: "https://issues.redhat.com/browse/TC-1870", url: "https://issues.redhat.com/browse/TC-1870", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/1.2.1/html/release_notes/index", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11255.json", }, ], title: "Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1", tracking: { current_release_date: "2025-01-06T18:54:56+00:00", generator: { date: "2025-01-06T18:54:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:11255", initial_release_date: "2024-12-17T10:22:51+00:00", revision_history: [ { date: "2024-12-17T10:22:51+00:00", number: "1", summary: "Initial version", }, { date: "2024-12-17T10:22:51+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T18:54:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Trusted Profile Analyzer 1.2", product: { name: "Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2", product_identification_helper: { cpe: "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9", }, }, }, ], category: "product_family", name: "Red Hat Trusted Profile Analyzer", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", product: { name: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", product_id: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", product_identification_helper: { purl: "pkg:oci/rhtpa-trustification-service-rhel9@sha256%3A8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe?arch=amd64&repository_url=registry.redhat.io/rhtpa&tag=1.2.1-1733826968", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64 as a component of Red Hat Trusted Profile Analyzer 1.2", product_id: "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", }, product_reference: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", relates_to_product_reference: "Red Hat Trusted Profile Analyzer 1.2", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T10:22:51+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11255", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T10:22:51+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11255", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-21538", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-11-08T13:44:29.182678+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2324550", }, ], notes: [ { category: "description", text: "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", title: "Vulnerability description", }, { category: "summary", text: "cross-spawn: regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "RHBZ#2324550", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2324550", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21538", url: "https://www.cve.org/CVERecord?id=CVE-2024-21538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", url: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", url: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/pull/160", url: "https://github.com/moxystudio/node-cross-spawn/pull/160", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", url: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", }, ], release_date: "2024-11-08T05:00:04.695000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-17T10:22:51+00:00", details: "It is recommended that existing users of RHTPA 1.2.0 upgrade to 1.2.1. For more information please refer to the Release Notes.", product_ids: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11255", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Trusted Profile Analyzer 1.2:registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "cross-spawn: regular expression denial of service", }, ], }
RHSA-2024:9627
Vulnerability from csaf_redhat
Published
2024-11-14 08:35
Modified
2025-04-16 01:43
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.3
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.6.3
This update has a security impact of Moderate. A Common Vulnerability Scoring
System (CVSS) base score, which gives a detailed severity rating, is available
for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* kiali-ossmc-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8280)
* openshift-istio-kiali-rhel8-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8281)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh Containers for 2.6.3\n\nThis update has a security impact of Moderate. A Common Vulnerability Scoring\nSystem (CVSS) base score, which gives a detailed severity rating, is available\nfor each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* kiali-ossmc-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8280)\n\n* openshift-istio-kiali-rhel8-container: Denial of Service [ossm-2.6] (CVE-2024-21536) (OSSM-8281)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:9627", url: "https://access.redhat.com/errata/RHSA-2024:9627", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9627.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.3", tracking: { current_release_date: "2025-04-16T01:43:10+00:00", generator: { date: "2025-04-16T01:43:10+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:9627", initial_release_date: "2024-11-14T08:35:32+00:00", revision_history: [ { date: "2024-11-14T08:35:32+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-14T08:35:32+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:43:10+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.6 for RHEL 8", product: { name: "RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el8", }, }, }, { category: "product_name", name: "RHOSSM 2.6 for RHEL 9", product: { name: "RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el9", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.3-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.7-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.3-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.3-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.3-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.3-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.3-4", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", relates_to_product_reference: "9Base-RHOSSM-2.6", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-14T08:35:32+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9627", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:1889c37248102e7fbc6914767f962bc25e8f24764d047569b5adb44599201390_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:8c9fc3f17807394af1b664fdab1064b65e4423c86263589b3a19d417947d00c9_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:c6682b3cd97d7d6d0f6ca841f7fec8bacb3bd93edd963278abe282bba762ec3d_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:d8ebecdbde50b3a582c6e71a6badaca02c54e827fe48537ac9c690ead424bb04_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:0372efd25c6c7f723716845d733fd7c45bda5aad5b2d3e7f9037aa11a663f959_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:28ace192ebbac74213f0f43290a8bc210c8229d531b136a4331f7c7631560efc_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:59072d66381da02a05d4cddbf3f73e7c96ada225c6dd202ca4ad0f8f866bdc29_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:be9f110bc9eb80cee9d9377a24069262dfd5595265b1d9cd8043c3a01e483d67_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:2891713b69c41aba55dcd30fc09943c2bb9a3a4914ea17dc951d18152e4e9892_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:6a3b4998378d38293d182fddf365da23f6217652eac83e5f01a14fa276b246a5_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:b6bd43e43c736cf131606c1e886accfd80b449c470cbbf462185f7b5cf8d0640_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d4e4fe6cfb422f7cabc20c856b304f34ae00cbcdb16bd64b71c6bcfd2f0b1136_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:33a30bfeb06ae9dbac23d19244c2467c1172419694694c6af7c9503f4be17a7f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bac85b4bb1235e0116f8039ff04792581958af49de4063a05caa53315fcdf2a0_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:bbd7d74fa80549b760e979be903db5511205b60d1c34e15b4cec85fb03883ff8_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:be82d8435d651e788e3a2d261fa9a6470116bd0e0ab4a903ac19e410b0e6e571_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:30c7d6d2911101f268aff934b44088da64b714b14fb840fe085687b590337ee4_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:4c11fb6461953aecdd842bf5725cece9e9452b888faf8cbaccd4c323c5125319_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a6d3a8a335949f1b7190e2a894c42e57fbc61850e104f7a1dd6e1c02f94d0c06_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:c54e5b8b593ba7a9f1a1230350212985494d3510e92fa0edf156f84ceec4c83e_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:08020bfd523e7416fe924996ef68cb4d1d3acb8bdfddc15c73076a8b40e535b7_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:ac3fea59a801e20040e69f82a4f0be3eb04b0b82fa0af53222a6b6554def17ff_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:cd726f120f5e8c11cff71db116f249bb6563afdae114e63a006521c5bc543b6c_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:dcadfeeac77f2c41d76a37ba5aaac0d3391c8eaabcd95102b0e0fa3eef20de85_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:027db8bef3bf61c4f5fc5ffea655fbf3cac217c59f980846553ac36f49280ee3_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:21c3ffa684ce7241faef6f0c2a096dc70344d5b1823238ece95d5a3637147750_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:3e37eaeaecb34299216b4995ef16de97bf97eacdc1de328b23a92da4415ef78c_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:5c17f1ad457b50b234e4cea2df0604a903de08d8fd407ed662b5792ea97e83ec_s390x", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1271c93e9048ab945ef6337663a9600f3a5f355be3374c4193b8e97ee6ab245_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:c1fd9098be27632d6f46b3f1f9c31fc700dd5deb9bff5594e1ec046c3e45173d_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:e11bf93a790ab0426eff38347f0cefd75bdda6def12dddd48284835656ef7fc6_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f55b5bd57978cf3ce9023abec88988c31d59610eac4e4e2232e6cde8744bfce2_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, ], }
rhsa-2024:10962
Vulnerability from csaf_redhat
Published
2024-12-11 16:47
Modified
2025-04-16 01:43
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release
Notes
Topic
A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released
Details
Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released", title: "Topic", }, { category: "general", text: "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10962", url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", url: "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-21536", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43796", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43799", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-43800", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45296", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45590", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45811", url: "https://access.redhat.com/security/cve/CVE-2024-45811", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45812", url: "https://access.redhat.com/security/cve/CVE-2024-45812", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-47068", url: "https://access.redhat.com/security/cve/CVE-2024-47068", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10962.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release", tracking: { current_release_date: "2025-04-16T01:43:40+00:00", generator: { date: "2025-04-16T01:43:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:10962", initial_release_date: "2024-12-11T16:47:10+00:00", revision_history: [ { date: "2024-12-11T16:47:10+00:00", number: "1", summary: "Initial version", }, { date: "2025-03-25T16:47:10+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:43:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift distributed tracing 3.4", product: { name: "Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift distributed tracing", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aeebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-operator-bundle@sha256%3A44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3Abf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Ada3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829?arch=amd64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3Aa7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3A4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3A78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952?arch=arm64&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3A3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ac81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Abb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3Ae7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749?arch=ppc64le&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-agent-rhel8@sha256%3Ab541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-collector-rhel8@sha256%3A6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ab0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-ingester-rhel8@sha256%3A44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-rhel8-operator@sha256%3Ab9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, { category: "product_version", name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", product: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", product_id: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", product_identification_helper: { purl: "pkg:oci/jaeger-query-rhel8@sha256%3Afe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab?arch=s390x&repository_url=registry.redhat.io/rhosdt", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, { category: "default_component_of", full_product_name: { name: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", product_id: "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", }, product_reference: "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", relates_to_product_reference: "Red Hat OpenShift distributed tracing 3.4", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-43796", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:28.106254+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311152", }, ], notes: [ { category: "description", text: "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", title: "Vulnerability description", }, { category: "summary", text: "express: Improper Input Handling in Express Redirects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "RHBZ#2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43796", url: "https://www.cve.org/CVERecord?id=CVE-2024-43796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", }, { category: "external", summary: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, ], release_date: "2024-09-10T15:15:17.510000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "express: Improper Input Handling in Express Redirects", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45296", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-09T19:20:18.127723+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310908", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: Backtracking regular expressions cause ReDoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "RHBZ#2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45296", url: "https://www.cve.org/CVERecord?id=CVE-2024-45296", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, ], release_date: "2024-09-09T19:15:13.330000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: Backtracking regular expressions cause ReDoS", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, { cve: "CVE-2024-45811", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-09-17T20:00:49.944925+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312930", }, ], notes: [ { category: "description", text: "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.", title: "Vulnerability description", }, { category: "summary", text: "vite: server.fs.deny is bypassed when using `?import&raw`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker's ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45811", }, { category: "external", summary: "RHBZ#2312930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312930", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45811", url: "https://www.cve.org/CVERecord?id=CVE-2024-45811", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", }, { category: "external", summary: "https://github.com/vitejs/vite", url: "https://github.com/vitejs/vite", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", url: "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", url: "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", url: "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", url: "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", url: "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", url: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", }, ], release_date: "2024-09-17T18:44:12+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: server.fs.deny is bypassed when using `?import&raw`", }, { cve: "CVE-2024-45812", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-17T20:20:07.064245+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312935", }, ], notes: [ { category: "description", text: "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.", title: "Vulnerability description", }, { category: "summary", text: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", title: "Vulnerability summary", }, { category: "other", text: "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45812", }, { category: "external", summary: "RHBZ#2312935", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312935", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45812", url: "https://www.cve.org/CVERecord?id=CVE-2024-45812", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", }, { category: "external", summary: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", url: "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", }, { category: "external", summary: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", url: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", }, { category: "external", summary: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", url: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", }, { category: "external", summary: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", url: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", }, { category: "external", summary: "https://scnps.co/papers/sp23_domclob.pdf", url: "https://scnps.co/papers/sp23_domclob.pdf", }, ], release_date: "2024-09-17T20:15:06.037000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", }, { cve: "CVE-2024-47068", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-23T16:20:20.383320+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314249", }, ], notes: [ { category: "description", text: "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.", title: "Vulnerability description", }, { category: "summary", text: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit—namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], known_not_affected: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47068", }, { category: "external", summary: "RHBZ#2314249", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314249", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47068", url: "https://www.cve.org/CVERecord?id=CVE-2024-47068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", }, { category: "external", summary: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", url: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", }, { category: "external", summary: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", url: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", }, { category: "external", summary: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", url: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", }, ], release_date: "2024-09-23T16:15:06.947000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-11T16:47:10+00:00", details: "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10962", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", }, ], }
WID-SEC-W-2024-3511
Vulnerability from csaf_certbund
Published
2024-11-19 23:00
Modified
2024-11-19 23:00
Summary
IBM App Connect Enterprise: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3511 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3511.json", }, { category: "self", summary: "WID-SEC-2024-3511 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3511", }, { category: "external", summary: "IBM Security Bulletin vom 2024-11-19", url: "https://www.ibm.com/support/pages/node/7176616", }, ], source_lang: "en-US", title: "IBM App Connect Enterprise: Schwachstelle ermöglicht Denial of Service", tracking: { current_release_date: "2024-11-19T23:00:00.000+00:00", generator: { date: "2024-11-20T12:42:45.951+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3511", initial_release_date: "2024-11-19T23:00:00.000+00:00", revision_history: [ { date: "2024-11-19T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<12.5.1", product: { name: "IBM App Connect Enterprise <12.5.1", product_id: "T039345", }, }, { category: "product_version", name: "12.5.1", product: { name: "IBM App Connect Enterprise 12.5.1", product_id: "T039345-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:12.5.1", }, }, }, { category: "product_version_range", name: "LTS <12.0.5", product: { name: "IBM App Connect Enterprise LTS <12.0.5", product_id: "T039346", }, }, { category: "product_version", name: "LTS 12.0.5", product: { name: "IBM App Connect Enterprise LTS 12.0.5", product_id: "T039346-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:lts__12.0.5", }, }, }, { category: "product_version_range", name: "LTS <5.0.22", product: { name: "IBM App Connect Enterprise LTS <5.0.22", product_id: "T039347", }, }, { category: "product_version", name: "LTS 5.0.22", product: { name: "IBM App Connect Enterprise LTS 5.0.22", product_id: "T039347-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:lts__5.0.22", }, }, }, ], category: "product_name", name: "App Connect Enterprise", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler betrifft das Node.js-Modul in den \"Dashboard and DesignerAuthoring\" Komponenten aufgrund einer unsachgemäßen Ressourcenbehandlung in der http-proxy-middleware. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er manipulierte Anfragen an bestimmte Pfade sendet.", }, ], product_status: { known_affected: [ "T039347", "T039346", "T039345", ], }, release_date: "2024-11-19T23:00:00.000+00:00", title: "CVE-2024-21536", }, ], }
WID-SEC-W-2024-3468
Vulnerability from csaf_certbund
Published
2024-11-13 23:00
Modified
2024-11-13 23:00
Summary
Red Hat OpenShift: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3468 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3468.json", }, { category: "self", summary: "WID-SEC-2024-3468 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3468", }, { category: "external", summary: "Red Hat Security Advisory vom 2024-11-13", url: "https://access.redhat.com/errata/RHSA-2024:9627", }, ], source_lang: "en-US", title: "Red Hat OpenShift: Schwachstelle ermöglicht Denial of Service", tracking: { current_release_date: "2024-11-13T23:00:00.000+00:00", generator: { date: "2024-11-14T12:15:23.742+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3468", initial_release_date: "2024-11-13T23:00:00.000+00:00", revision_history: [ { date: "2024-11-13T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "Service Mesh Containers <2.6.3", product: { name: "Red Hat OpenShift Service Mesh Containers <2.6.3", product_id: "T039183", }, }, { category: "product_version", name: "Service Mesh Containers 2.6.3", product: { name: "Red Hat OpenShift Service Mesh Containers 2.6.3", product_id: "T039183-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:service_mesh_containers__2.6.3", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler existiert im http-proxy-middleware-Paket in den Service Mesh Containern wegen eines unkontrollierten Ressourcenverbrauchs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T039183", ], }, release_date: "2024-11-13T23:00:00.000+00:00", title: "CVE-2024-21536", }, ], }
wid-sec-w-2024-3511
Vulnerability from csaf_certbund
Published
2024-11-19 23:00
Modified
2024-11-19 23:00
Summary
IBM App Connect Enterprise: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3511 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3511.json", }, { category: "self", summary: "WID-SEC-2024-3511 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3511", }, { category: "external", summary: "IBM Security Bulletin vom 2024-11-19", url: "https://www.ibm.com/support/pages/node/7176616", }, ], source_lang: "en-US", title: "IBM App Connect Enterprise: Schwachstelle ermöglicht Denial of Service", tracking: { current_release_date: "2024-11-19T23:00:00.000+00:00", generator: { date: "2024-11-20T12:42:45.951+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3511", initial_release_date: "2024-11-19T23:00:00.000+00:00", revision_history: [ { date: "2024-11-19T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<12.5.1", product: { name: "IBM App Connect Enterprise <12.5.1", product_id: "T039345", }, }, { category: "product_version", name: "12.5.1", product: { name: "IBM App Connect Enterprise 12.5.1", product_id: "T039345-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:12.5.1", }, }, }, { category: "product_version_range", name: "LTS <12.0.5", product: { name: "IBM App Connect Enterprise LTS <12.0.5", product_id: "T039346", }, }, { category: "product_version", name: "LTS 12.0.5", product: { name: "IBM App Connect Enterprise LTS 12.0.5", product_id: "T039346-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:lts__12.0.5", }, }, }, { category: "product_version_range", name: "LTS <5.0.22", product: { name: "IBM App Connect Enterprise LTS <5.0.22", product_id: "T039347", }, }, { category: "product_version", name: "LTS 5.0.22", product: { name: "IBM App Connect Enterprise LTS 5.0.22", product_id: "T039347-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:lts__5.0.22", }, }, }, ], category: "product_name", name: "App Connect Enterprise", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler betrifft das Node.js-Modul in den \"Dashboard and DesignerAuthoring\" Komponenten aufgrund einer unsachgemäßen Ressourcenbehandlung in der http-proxy-middleware. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er manipulierte Anfragen an bestimmte Pfade sendet.", }, ], product_status: { known_affected: [ "T039347", "T039346", "T039345", ], }, release_date: "2024-11-19T23:00:00.000+00:00", title: "CVE-2024-21536", }, ], }
wid-sec-w-2025-0043
Vulnerability from csaf_certbund
Published
2025-01-12 23:00
Modified
2025-01-12 23:00
Summary
IBM QRadar SIEM (Log Source Management App): Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2025-0043 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0043.json", }, { category: "self", summary: "WID-SEC-2025-0043 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0043", }, { category: "external", summary: "IBM Security Bulletin vom 2025-01-12", url: "https://www.ibm.com/support/pages/node/7180725", }, ], source_lang: "en-US", title: "IBM QRadar SIEM (Log Source Management App): Mehrere Schwachstellen", tracking: { current_release_date: "2025-01-12T23:00:00.000+00:00", generator: { date: "2025-01-13T09:08:15.486+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2025-0043", initial_release_date: "2025-01-12T23:00:00.000+00:00", revision_history: [ { date: "2025-01-12T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "Log Source Management App <7.0.11", product: { name: "IBM QRadar SIEM Log Source Management App <7.0.11", product_id: "T040117", }, }, { category: "product_version", name: "Log Source Management App 7.0.11", product: { name: "IBM QRadar SIEM Log Source Management App 7.0.11", product_id: "T040117-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:log_source_management_app__7.0.11", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2024-43788", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-43788", }, { cve: "CVE-2024-43796", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-43796", }, { cve: "CVE-2024-43799", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-43799", }, { cve: "CVE-2024-43800", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-43800", }, { cve: "CVE-2024-47068", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-47068", }, { cve: "CVE-2024-47875", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-47875", }, { cve: "CVE-2024-21536", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-21536", }, { cve: "CVE-2024-21538", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-21538", }, { cve: "CVE-2024-33883", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-33883", }, { cve: "CVE-2024-37890", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-37890", }, { cve: "CVE-2024-4067", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-4067", }, { cve: "CVE-2024-4068", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-4068", }, { cve: "CVE-2024-45296", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-45296", }, { cve: "CVE-2024-45590", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-45590", }, { cve: "CVE-2024-48948", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-48948", }, { cve: "CVE-2024-48949", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-48949", }, { cve: "CVE-2024-52798", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-52798", }, { cve: "CVE-2024-55565", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-55565", }, { cve: "CVE-2024-45801", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM QRadar SIEM Log Source Management App. Diese Schwachstelle betrifft DOMPurify aufgrund eines Prototyp-Verschmutzungsfehlers in der Tiefenprüfung. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-45801", }, { cve: "CVE-2024-42459", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App . Diese Schwachstellen betreffen das Node.js Elliptic-Modul aufgrund fehlender Überprüfungen und unsachgemäßer Behandlung von BER-codierten Signaturen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und weitere Angriffe zu starten.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-42459", }, { cve: "CVE-2024-42460", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App . Diese Schwachstellen betreffen das Node.js Elliptic-Modul aufgrund fehlender Überprüfungen und unsachgemäßer Behandlung von BER-codierten Signaturen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und weitere Angriffe zu starten.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-42460", }, { cve: "CVE-2024-42461", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App . Diese Schwachstellen betreffen das Node.js Elliptic-Modul aufgrund fehlender Überprüfungen und unsachgemäßer Behandlung von BER-codierten Signaturen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und weitere Angriffe zu starten.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-42461", }, { cve: "CVE-2024-47764", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM QRadar SIEM Log Source Management App. Diese Schwachstelle betrifft das jshttp-Cookie aufgrund einer unsachgemäßen Eingabevalidierung von Cookie-Name, -Pfad und -Domäne. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsbeschränkungen zu umgehen und andere Felder des Cookies zu ändern.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-47764", }, ], }
wid-sec-w-2024-3468
Vulnerability from csaf_certbund
Published
2024-11-13 23:00
Modified
2024-11-13 23:00
Summary
Red Hat OpenShift: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3468 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3468.json", }, { category: "self", summary: "WID-SEC-2024-3468 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3468", }, { category: "external", summary: "Red Hat Security Advisory vom 2024-11-13", url: "https://access.redhat.com/errata/RHSA-2024:9627", }, ], source_lang: "en-US", title: "Red Hat OpenShift: Schwachstelle ermöglicht Denial of Service", tracking: { current_release_date: "2024-11-13T23:00:00.000+00:00", generator: { date: "2024-11-14T12:15:23.742+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3468", initial_release_date: "2024-11-13T23:00:00.000+00:00", revision_history: [ { date: "2024-11-13T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "Service Mesh Containers <2.6.3", product: { name: "Red Hat OpenShift Service Mesh Containers <2.6.3", product_id: "T039183", }, }, { category: "product_version", name: "Service Mesh Containers 2.6.3", product: { name: "Red Hat OpenShift Service Mesh Containers 2.6.3", product_id: "T039183-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:service_mesh_containers__2.6.3", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler existiert im http-proxy-middleware-Paket in den Service Mesh Containern wegen eines unkontrollierten Ressourcenverbrauchs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T039183", ], }, release_date: "2024-11-13T23:00:00.000+00:00", title: "CVE-2024-21536", }, ], }
fkie_cve-2024-21536
Vulnerability from fkie_nvd
Published
2024-10-19 05:15
Modified
2024-11-01 18:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chimurai | http-proxy-middleware | * | |
| chimurai | http-proxy-middleware | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*", matchCriteriaId: "A1C31D2C-0CB7-4D28-8658-42632A65F7F3", versionEndExcluding: "2.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*", matchCriteriaId: "A89EB4F5-1978-4172-A52D-8504F87E110E", versionEndExcluding: "3.0.3", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.", }, { lang: "es", value: "Las versiones del paquete http-proxy-middleware anteriores a la 2.0.7, a la 3.0.0 y a la 3.0.3 es vulnerable a un ataque de denegación de servicio (DoS) debido a un error UnhandledPromiseRejection generado por micromatch. Un atacante podría matar el proceso Node.js y bloquear el servidor al realizar solicitudes a determinadas rutas.", }, ], id: "CVE-2024-21536", lastModified: "2024-11-01T18:03:15.897", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "report@snyk.io", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-19T05:15:13.097", references: [ { source: "report@snyk.io", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { source: "report@snyk.io", tags: [ "Patch", ], url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { source: "report@snyk.io", tags: [ "Patch", ], url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { source: "report@snyk.io", tags: [ "Third Party Advisory", ], url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], sourceIdentifier: "report@snyk.io", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "report@snyk.io", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-c7qv-q95q-8v27
Vulnerability from github
Published
2024-10-19 06:30
Modified
2024-10-22 19:47
Severity ?
Summary
Denial of service in http-proxy-middleware
Details
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
{ affected: [ { package: { ecosystem: "npm", name: "http-proxy-middleware", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "2.0.7", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "npm", name: "http-proxy-middleware", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.0.3", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-21536", ], database_specific: { cwe_ids: [ "CWE-400", ], github_reviewed: true, github_reviewed_at: "2024-10-22T19:47:41Z", nvd_published_at: "2024-10-19T05:15:13Z", severity: "HIGH", }, details: "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.", id: "GHSA-c7qv-q95q-8v27", modified: "2024-10-22T19:47:41Z", published: "2024-10-19T06:30:30Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { type: "WEB", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { type: "WEB", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { type: "WEB", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { type: "PACKAGE", url: "https://github.com/chimurai/http-proxy-middleware", }, { type: "WEB", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], summary: "Denial of service in http-proxy-middleware", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.