cve-2024-29903
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:sigstore:cosign:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cosign", "vendor": "sigstore", "versions": [ { "lessThan": "2.2.4", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-29903", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-03T15:22:56.624321Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-03T18:10:27.323Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:17:58.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv" }, { "name": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e" }, { "name": "https://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/cosign/verify.go#L948-L955", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/cosign/verify.go#L948-L955" }, { "name": "https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70" }, { "name": 
"https://github.com/sigstore/cosign/releases/tag/v2.2.4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sigstore/cosign/releases/tag/v2.2.4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "cosign", "vendor": "sigstore", "versions": [ { "status": "affected", "version": "\u003c 2.2.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is Cosign allocates excessive memory on the lines that creates a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T22:30:50.890Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv" }, { "name": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e" }, { "name": "https://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/cosign/verify.go#L948-L955", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/cosign/verify.go#L948-L955" }, { "name": "https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70" }, { "name": "https://github.com/sigstore/cosign/releases/tag/v2.2.4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sigstore/cosign/releases/tag/v2.2.4" } ], "source": { "advisory": "GHSA-95pr-fxf5-86gv", "discovery": "UNKNOWN" }, "title": "Cosign 
vulnerable to machine-wide denial of service via malicious artifacts" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-29903", "datePublished": "2024-04-10T22:30:50.890Z", "dateReserved": "2024-03-21T15:12:09.000Z", "dateUpdated": "2024-08-02T01:17:58.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-29903\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-10T23:15:07.130\",\"lastModified\":\"2024-11-21T09:08:35.040\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is Cosign allocates excessive memory on the lines that creates a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability.\"},{\"lang\":\"es\",\"value\":\"Cosign proporciona firma de c\u00f3digo y transparencia para contenedores y binarios. Antes de la versi\u00f3n 2.2.4, los artefactos de software creados con fines malintencionados pod\u00edan provocar la denegaci\u00f3n de servicio de la m\u00e1quina que ejecuta Cosign, lo que afectaba a todos los servicios de la m\u00e1quina. La causa principal es que Cosign crea sectores basados en la cantidad de firmas, manifiestos o certificaciones en artefactos que no son de confianza. Como tal, el artefacto que no es de confianza puede controlar la cantidad de memoria que asigna Cosign. 
El problema exacto es que Cosign asigna memoria excesiva en las l\u00edneas, lo que crea un segmento de la misma longitud que los manifiestos. La versi\u00f3n 2.2.4 contiene un parche para la vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/cosign/verify.go#L948-L955\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sigstore/cosign/releases/tag/v2.2.4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/cosign/verify.go#L948-L955\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70\",\"source\":\"af854a3a-2127-422
b-91ae-364da2661108\"},{\"url\":\"https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/sigstore/cosign/releases/tag/v2.2.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2024_4836
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features, bug fixes, and updates to patch vulnerabilities.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Release of RHACS 4.5 provides these changes:\n\nNew features:\n\n* Scanner V4 is generally available\n* Vulnerability Management 2.0 is generally available\n* Compliance updates\n* Built-in email notifier in RHACS Cloud Service\n* roxctl installation GitHub action\n* Bring your own PKI for signature verification\n* Build-time network policy tools updates\n* Enhanced RHACS Cloud Service experience\n\nThis releases updates the following items to patch vulnerabilities:\n\n* (CVE-2024-28849) The `follow-redirect` module was updated to 1.15.6.\n* (CVE-2024-29903) Updated `cosign` to 2.2.4.\n* (CVE-2024-29902) Updated `cosign` to 2.2.4.\n\nFor more information on new features and other details, see https://docs.openshift.com/acs/4.5/release_notes/45-release-notes.html.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4836", "url": "https://access.redhat.com/errata/RHSA-2024:4836" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://docs.openshift.com/acs/4.5/release_notes/45-release-notes.html", "url": "https://docs.openshift.com/acs/4.5/release_notes/45-release-notes.html" }, { "category": "external", "summary": "2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "2274504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274504" }, { "category": "external", "summary": "2274508", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274508" }, { "category": "external", "summary": "ROX-25325", "url": "https://issues.redhat.com/browse/ROX-25325" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4836.json" } ], "title": "Red Hat Security Advisory: RHACS 4.5 enhancement and security update", "tracking": { "current_release_date": "2024-12-10T17:00:58+00:00", "generator": { "date": "2024-12-10T17:00:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:4836", "initial_release_date": "2024-07-24T16:18:41+00:00", "revision_history": [ { "date": "2024-07-24T16:18:41+00:00", "number": "1", "summary": "Initial version" }, { "date": 
"2024-07-24T16:18:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-10T17:00:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHACS 4.5 for RHEL 8", "product": { "name": "RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8" } } } ], "category": "product_family", "name": "Red Hat Advanced Cluster Security for Kubernetes" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "product_identification_helper": { "purl": 
"pkg:oci/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "product": { "name": 
"advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.5.0-2" } } }, { "category": 
"product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "product_identification_helper": { "purl": 
"pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "product": { "name": 
"advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.5.0-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "product_identification_helper": { "purl": 
"pkg:oci/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "product": { "name": 
"advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.5.0-2" 
} } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", 
"product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "product": { "name": 
"advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.5.0-2" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "product_identification_helper": { "purl": 
"pkg:oci/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "product": { "name": 
"advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.5.0-2" } } }, { "category": 
"product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "product_identification_helper": { "purl": 
"pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "product": { "name": 
"advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.5.0-2" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": 
"advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64" }, 
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": 
"default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le as a 
component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64" }, 
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { 
"category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": 
"advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x as a component of RHACS 4.5 
for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le" }, 
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", 
"relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": 
"advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-28849", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2269576" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. 
This issue may lead to credential leaking, having a high impact on data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "follow-redirects: Possible credential leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28849" }, { "category": "external", "summary": "RHBZ#2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849" }, { "category": "external", "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp" } ], "release_date": "2024-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-24T16:18:41+00:00", "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 4.5, you are advised to upgrade to RHACS 4.5.0.", "product_ids": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4836" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", 
"userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "follow-redirects: Possible credential leak" }, { "cve": "CVE-2024-29902", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2024-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2274508" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Cosign package where a malicious attachment may trigger uncontrolled resource consumption by allocating too much memory. This flaw allows an attacker to craft a malicious attachment, resulting in a denial of service, possibly impacting other applications running on the same system.", "title": "Vulnerability description" }, { "category": "summary", "text": "cosign: Malicious attachments can cause system-wide denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29902" }, { "category": "external", "summary": "RHBZ#2274508", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274508" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29902", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29902" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29902", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29902" }, { "category": "external", "summary": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc", 
"url": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc" } ], "release_date": "2024-04-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-24T16:18:41+00:00", "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 4.5, you are advised to upgrade to RHACS 4.5.0.", "product_ids": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4836" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cosign: Malicious attachments can cause system-wide denial of service" }, { "cve": "CVE-2024-29903", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2024-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2274504" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Cosign package where maliciously crafted software artifacts can trigger uncontrolled resource consumption by allocating too much memory and starving out the system. 
A successful attack may result in a denial of service of the machine running Cosign, impacting availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "cosign: Malicious artifects can cause machine-wide denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29903" }, { "category": "external", "summary": "RHBZ#2274504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274504" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29903", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29903" }, { "category": "external", "summary": "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv", "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv" } ], "release_date": "2024-04-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-24T16:18:41+00:00", "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 4.5, you are advised to upgrade to RHACS 4.5.0.", "product_ids": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4836" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", 
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cosign: Malicious artifects can cause machine-wide denial of service" } ] }
ghsa-95pr-fxf5-86gv
Vulnerability from github
Maliciously-crafted software artifacts can cause denial of service of the machine running Cosign, thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates.
As an example, these lines demonstrate the problem:
https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70
This `Get()` method gets the manifest of the image, allocates a slice equal to the length of the layers in the manifest, loops through the layers and adds a new signature to the slice.
The exact issue is that Cosign allocates excessive memory on the lines that create a slice of the same length as the manifests.
Remediation
Update to the latest version of Cosign (the affected ranges in this record list 2.2.4 as the fixed version), where the number of attestations, signatures and manifests has been limited to a reasonable value.
Cosign PoC
In the case of this API (also referenced above):
https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70
… The first line can contain a length that is safe for the system and will not throw a runtime panic or be blocked by other safety mechanisms. For the sake of argument, let’s say that the length of `m, err := s.Manifest()` is the max allowed (by the machine without throwing OOM panics) manifests minus 1. When Cosign then allocates a new slice on this line: `signatures := make([]oci.Signature, 0, len(m.Layers))`, Cosign will allocate more memory than is available and the machine will suffer a denial of service, causing Cosign and all other services on the machine to be unavailable.
To illustrate the issue here, we run a modified version of `TestSignedImageIndex()` in `pkg/oci/remote`:
https://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/oci/remote/index_test.go#L31-L57
Here, `wantLayers` is the number of manifests from these lines:
https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L60
To test this, we want to make `wantLayers` high enough to not cause a memory problem on its own but still trigger the machine-wide OOM when a slice gets created with the same length. On my local machine, it would take hours to create a slice of layers that fulfils that criterion, so instead I modify the Cosign production code to reflect a long list of manifests:
golang
// Get implements oci.Signatures
func (s *sigs) Get() ([]oci.Signature, error) {
m, err := s.Manifest()
if err != nil {
return nil, err
}
// Here we imitate a long list of manifests
ms := make([]byte, 2600000000) // imitate a long list of manifests
signatures := make([]oci.Signature, 0, len(ms))
panic("Done")
//signatures := make([]oci.Signature, 0, len(m.Layers))
for _, desc := range m.Layers {
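With this modified code, if we can cause an OOM without triggering the `panic("Done")`, we have succeeded: the process ran out of memory during the slice allocation itself, before execution could reach the panic.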
{ "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/sigstore/cosign" }, "ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "2.2.3" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 2.2.3" }, "package": { "ecosystem": "Go", "name": "github.com/sigstore/cosign/v2" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.2.4" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-29903" ], "database_specific": { "cwe_ids": [ "CWE-770" ], "github_reviewed": true, "github_reviewed_at": "2024-04-11T17:15:46Z", "nvd_published_at": "2024-04-10T23:15:07Z", "severity": "MODERATE" }, "details": "Maliciously-crafted software artifacts can cause denial of service of the machine running Cosign, thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. \n\nAs an example, these lines demonstrate the problem:\n\nhttps://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70 \n\nThis `Get()` method gets the manifest of the image, allocates a slice equal to the length of the layers in the manifest, loops through the layers and adds a new signature to the slice.\n\nThe exact issue is Cosign allocates excessive memory on the lines that creates a slice of the same length as the manifests. 
\n\n## Remediation\n\nUpdate to the latest version of Cosign, where the number of attestations, signatures and manifests has been limited to a reasonable value.\n\n## Cosign PoC\n\nIn the case of this API (also referenced above):\n\nhttps://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70\n\n\u2026 The first line can contain a length that is safe for the system and will not throw a runtime panic or be blocked by other safety mechanisms. For the sake of argument, let\u2019s say that the length of `m, err := s.Manifest()` is the max allowed (by the machine without throwing OOM panics) manifests minus 1. When Cosign then allocates a new slice on this line: `signatures := make([]oci.Signature, 0, len(m.Layers))`, Cosign will allocate more memory than is available and the machine will be denied of service, causing Cosign and all other services on the machine to be unavailable.\n\nTo illustrate the issue here, we run a modified version of `TestSignedImageIndex()` in `pkg/oci/remote`:\n\nhttps://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/oci/remote/index_test.go#L31-L57\n\nHere, `wantLayers` is the number of manifests from these lines:\n\nhttps://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L60\n\nTo test this, we want to make `wantLayers` high enough to not cause a memory on its own but still trigger the machine-wide OOM when a slice gets create with the same length. 
On my local machine, it would take hours to create a slice of layers that fulfils that criteria, so instead I modify the Cosign production code to reflect a long list of manifests:\n\n```golang\n// Get implements oci.Signatures\nfunc (s *sigs) Get() ([]oci.Signature, error) {\n m, err := s.Manifest()\n if err != nil {\n return nil, err\n }\n // Here we imitate a long list of manifests\n ms := make([]byte, 2600000000) // imitate a long list of manifests\n signatures := make([]oci.Signature, 0, len(ms))\n panic(\"Done\")\n //signatures := make([]oci.Signature, 0, len(m.Layers))\n for _, desc := range m.Layers {\n```\n\nWith this modified code, if we can cause an OOM without triggering the `panic(\"Done\")`, we have succeeded.", "id": "GHSA-95pr-fxf5-86gv", "modified": "2024-04-11T17:15:46Z", "published": "2024-04-11T17:15:46Z", "references": [ { "type": "WEB", "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29903" }, { "type": "WEB", "url": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e" }, { "type": "PACKAGE", "url": "https://github.com/sigstore/cosign" }, { "type": "WEB", "url": "https://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/cosign/verify.go#L948-L955" }, { "type": "WEB", "url": "https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70" }, { "type": "WEB", "url": "https://github.com/sigstore/cosign/releases/tag/v2.2.4" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Cosign malicious artifacts can cause machine-wide DoS" }
wid-sec-w-2024-1707
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Advanced Cluster Security for Kubernetes ausnutzen, um Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1707 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1707.json" }, { "category": "self", "summary": "WID-SEC-2024-1707 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1707" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2024-07-24", "url": "https://access.redhat.com/errata/RHSA-2024:4836" } ], "source_lang": "en-US", "title": "Red Hat Advanced Cluster Security for Kubernetes: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen", "tracking": { "current_release_date": "2024-07-24T22:00:00.000+00:00", "generator": { "date": 
"2024-08-15T18:11:44.173+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2024-1707", "initial_release_date": "2024-07-24T22:00:00.000+00:00", "revision_history": [ { "date": "2024-07-24T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "RHACS \u003c4.5.0", "product": { "name": "Red Hat Enterprise Linux RHACS \u003c4.5.0", "product_id": "T036456" } } ], "category": "product_name", "name": "Enterprise Linux" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-28849", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat Advanced Cluster Security for Kubernetes im Paket follow-redirects. W\u00e4hrend der Verarbeitung der dom\u00e4nen\u00fcbergreifenden Umleitung l\u00f6scht follow-redirects die Autorisierungs-Header, vers\u00e4umt es jedoch, die Proxy-Authentifizierungs-Header zu l\u00f6schen, die ebenfalls Anmeldedaten enthalten. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um die Anmeldeinformationen offenzulegen." } ], "release_date": "2024-07-24T22:00:00.000+00:00", "title": "CVE-2024-28849" }, { "cve": "CVE-2024-29902", "notes": [ { "category": "description", "text": "In Red Hat Advanced Cluster Security for Kubernetes existieren mehrere Schwachstellen im Cosign-Paket. Durch b\u00f6swillig erstellte Software-Artefakte oder malizi\u00f6se Anh\u00e4nge kann unkontrollierter Ressourcenverbrauch ausgel\u00f6st werden. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." 
} ], "release_date": "2024-07-24T22:00:00.000+00:00", "title": "CVE-2024-29902" }, { "cve": "CVE-2024-29903", "notes": [ { "category": "description", "text": "In Red Hat Advanced Cluster Security for Kubernetes existieren mehrere Schwachstellen im Cosign-Paket. Durch b\u00f6swillig erstellte Software-Artefakte oder malizi\u00f6se Anh\u00e4nge kann unkontrollierter Ressourcenverbrauch ausgel\u00f6st werden. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-07-24T22:00:00.000+00:00", "title": "CVE-2024-29903" } ] }
gsd-2024-29903
Vulnerability from gsd
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-29903" ], "details": "Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is Cosign allocates excessive memory on the lines that creates a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability.", "id": "GSD-2024-29903", "modified": "2024-04-03T05:02:30.753828Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2024-29903", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "cosign", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003c 2.2.4" } ] } } ] }, "vendor_name": "sigstore" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. 
The exact issue is Cosign allocates excessive memory on the lines that creates a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability." } ] }, "impact": { "cvss": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-770", "lang": "eng", "value": "CWE-770: Allocation of Resources Without Limits or Throttling" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv", "refsource": "MISC", "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv" }, { "name": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e", "refsource": "MISC", "url": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e" }, { "name": "https://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/cosign/verify.go#L948-L955", "refsource": "MISC", "url": "https://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/cosign/verify.go#L948-L955" }, { "name": "https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70", "refsource": "MISC", "url": "https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70" }, { "name": "https://github.com/sigstore/cosign/releases/tag/v2.2.4", "refsource": "MISC", "url": "https://github.com/sigstore/cosign/releases/tag/v2.2.4" } ] }, "source": { "advisory": "GHSA-95pr-fxf5-86gv", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { 
"cve": { "descriptions": [ { "lang": "en", "value": "Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is Cosign allocates excessive memory on the lines that creates a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability." } ], "id": "CVE-2024-29903", "lastModified": "2024-04-11T12:47:44.137", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2024-04-10T23:15:07.130", "references": [ { "source": "security-advisories@github.com", "url": "https://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/cosign/verify.go#L948-L955" }, { "source": "security-advisories@github.com", "url": "https://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70" }, { "source": "security-advisories@github.com", "url": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e" }, { "source": "security-advisories@github.com", "url": "https://github.com/sigstore/cosign/releases/tag/v2.2.4" }, { "source": "security-advisories@github.com", "url": 
"https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] } } } }