Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-30255
Vulnerability from cvelistv5
Published
2024-04-04 19:41
Modified
2025-02-13 17:47
Severity ?
EPSS score ?
Summary
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.29.0, < 1.29.3 Version: >= 1.28.0, < 1.28.2 Version: >= 1.27.0, < 1.27.4 Version: < 1.26.8 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "envoy", vendor: "envoyproxy", versions: [ { lessThan: "1.29.3", status: "affected", version: "1.29.0", versionType: "custom", }, { lessThan: "1.28.2", status: "affected", version: "1.28.0", versionType: "custom", }, { lessThan: "1.27.4", status: "affected", version: "1.27.0", versionType: "custom", }, { lessThan: "1.26.8", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-30255", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-08T14:58:49.679014Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-16T13:47:51.426Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:32:05.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/05/3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/03/16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "envoy", vendor: "envoyproxy", versions: [ { status: "affected", version: ">= 1.29.0, < 1.29.3", }, { status: "affected", version: ">= 1.28.0, < 1.28.2", }, { status: "affected", version: ">= 1.27.0, < 1.27.4", }, { status: "affected", version: "< 1.26.8", }, ], }, ], descriptions: [ { lang: "en", value: "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-390", description: "CWE-390: Detection of Error Condition Without Action", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T18:07:47.558Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/05/3", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/03/16", }, ], source: { advisory: "GHSA-j654-3ccm-vfmm", discovery: "UNKNOWN", }, title: "HTTP/2: CPU exhaustion due to CONTINUATION frame flood", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-30255", datePublished: "2024-04-04T19:41:02.634Z", dateReserved: "2024-03-26T12:52:00.934Z", dateUpdated: "2025-02-13T17:47:46.980Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-30255\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-04T20:15:08.983\",\"lastModified\":\"2024-11-21T09:11:33.297\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.\"},{\"lang\":\"es\",\"value\":\"Envoy es un proxy de servicio y borde de código abierto, nativo de la nube. La pila de protocolos HTTP/2 en las versiones de Envoy anteriores a 1.29.3, 1.28.2, 1.27.4 y 1.26.8 son vulnerables al agotamiento de la CPU debido a la inundación de tramas de CONTINUACIÓN. El códec HTTP/2 de Envoy permite al cliente enviar un número ilimitado de tramas de CONTINUACIÓN incluso después de exceder los límites del mapa de encabezado de Envoy. Esto permite a un atacante enviar una secuencia de tramas CONTINUATION sin que el bit END_HEADERS esté configurado causando la utilización de la CPU, consumiendo aproximadamente 1 núcleo por cada 300 Mbit/s de tráfico y culminando en una denegación de servicio por agotamiento de la CPU. Los usuarios deben actualizar a la versión 1.29.3, 1.28.2, 1.27.4 o 1.26.8 para mitigar los efectos de la inundación de CONTINUACIÓN. Como workaround, deshabilite el protocolo HTTP/2 para conexiones descendentes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-390\"}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/03/16\",\"source\":\"security-advisories@github.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/05/3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm\",\"source\":\"security-advisories@github.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/03/16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/05/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm\", \"name\": \"https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/05/3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/03/16\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:32:05.423Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-30255\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-08T14:58:49.679014Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\"], \"vendor\": \"envoyproxy\", \"product\": \"envoy\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.29.0\", \"lessThan\": \"1.29.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.28.0\", \"lessThan\": \"1.28.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.27.0\", \"lessThan\": \"1.27.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.26.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-16T13:46:10.646Z\"}}], \"cna\": {\"title\": \"HTTP/2: CPU exhaustion due to CONTINUATION frame flood\", \"source\": {\"advisory\": \"GHSA-j654-3ccm-vfmm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"envoyproxy\", \"product\": \"envoy\", \"versions\": [{\"status\": \"affected\", \"version\": \">= 1.29.0, < 1.29.3\"}, {\"status\": \"affected\", \"version\": \">= 1.28.0, < 1.28.2\"}, {\"status\": \"affected\", \"version\": \">= 1.27.0, < 1.27.4\"}, {\"status\": \"affected\", \"version\": \"< 1.26.8\"}]}], \"references\": [{\"url\": \"https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm\", \"name\": \"https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/05/3\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/03/16\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-390\", \"description\": \"CWE-390: Detection of Error Condition Without Action\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-05-01T18:07:47.558Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-30255\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:47:46.980Z\", \"dateReserved\": \"2024-03-26T12:52:00.934Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-04-04T19:41:02.634Z\", \"assignerShortName\": \"GitHub_M\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
WID-SEC-W-2024-0789
Vulnerability from csaf_certbund
Published
2024-04-03 22:00
Modified
2025-01-19 23:00
Summary
HTTP/2: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
http/2 ist das HyperText Transfer Protocol in Version 2.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstellen in verschiedenen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Appliance
- Linux
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "http/2 ist das HyperText Transfer Protocol in Version 2.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstellen in verschiedenen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Appliance\n- Linux\n- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0789 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0789.json", }, { category: "self", summary: "WID-SEC-2024-0789 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0789", }, { category: "external", summary: "CERT Coordination Center VU#421644 vom 2024-04-03", url: "https://kb.cert.org/vuls/id/421644", }, { category: "external", summary: "Go Package net/http GO-2024-2687 vom 2024-04-03", url: "https://pkg.go.dev/vuln/GO-2024-2687", }, { category: "external", summary: "Arista Security Advisory 0094 vom 2024-04-03", url: "https://www.arista.com/en/support/advisories-notices/security-advisory/19221-security-advisory-0094", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-A00DE83DE9 vom 2024-04-04", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-a00de83de9", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-DA8CDD8414 vom 2024-04-04", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-da8cdd8414", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-EC22E51EC2 vom 2024-04-04", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ec22e51ec2", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2024-866AC60917 vom 2024-04-04", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-866ac60917", }, { category: "external", summary: "Apache 2.4.59 Changes vom 2024-04-04", url: "https://downloads.apache.org/httpd/CHANGES_2.4.59", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-4812897DD1 vom 2024-04-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-4812897dd1", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-1F11550E31 vom 2024-04-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1f11550e31", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-528301BAC2 vom 2024-04-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-528301bac2", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1121-1 vom 2024-04-05", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018259.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1122-1 vom 2024-04-05", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018261.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1683 vom 2024-04-08", url: "https://access.redhat.com/errata/RHSA-2024:1683", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1681 vom 2024-04-08", url: "https://access.redhat.com/errata/RHSA-2024:1681", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1161-1 vom 2024-04-08", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018265.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1167-1 vom 2024-04-08", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018298.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1156-1 vom 2024-04-08", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018269.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1160-1 vom 2024-04-08", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018266.html", }, { category: "external", summary: "Apache Traffic Server Announce", url: "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1786 vom 2024-04-11", url: "https://access.redhat.com/errata/RHSA-2024:1786", }, { category: "external", summary: "Ubuntu Security Notice USN-6729-1 vom 2024-04-11", url: "https://ubuntu.com/security/notices/USN-6729-1", }, { category: "external", summary: "Debian Security Advisory DSA-5659 vom 2024-04-14", url: "https://lists.debian.org/debian-security-announce/2024/msg00067.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-1786 vom 2024-04-13", url: "https://linux.oracle.com/errata/ELSA-2024-1786.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-CE2EEFC399 vom 2024-04-16", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ce2eefc399", }, { category: "external", summary: "Debian Security Advisory DSA-5662 vom 2024-04-16", url: "https://lists.debian.org/debian-security-announce/2024/msg00070.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6729-2 vom 2024-04-17", url: "https://ubuntu.com/security/notices/USN-6729-2", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1872 vom 2024-04-18", url: "https://access.redhat.com/errata/RHSA-2024:1872", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-1872 vom 2024-04-19", url: "https://linux.oracle.com/errata/ELSA-2024-1872.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1963 vom 2024-04-23", url: "https://access.redhat.com/errata/RHSA-2024:1963", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1962 vom 2024-04-23", url: "https://access.redhat.com/errata/RHSA-2024:1962", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-1963 vom 2024-04-24", url: "https://linux.oracle.com/errata/ELSA-2024-1963.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-1962 vom 2024-04-24", url: "http://linux.oracle.com/errata/ELSA-2024-1962.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2060 vom 2024-04-25", url: "https://access.redhat.com/errata/RHSA-2024:2060", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1892 vom 2024-04-25", url: "https://access.redhat.com/errata/RHSA-2024:1892", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2062 vom 2024-04-25", url: "https://access.redhat.com/errata/RHSA-2024:2062", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1899 vom 2024-04-25", url: "https://access.redhat.com/errata/RHSA-2024:1899", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2079 vom 2024-04-29", url: "https://access.redhat.com/errata/RHSA-2024:2079", }, { category: "external", summary: "Debian Security Advisory DLA-3799 vom 2024-04-28", url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1897 vom 2024-04-26", url: "https://access.redhat.com/errata/RHSA-2024:1897", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2523 vom 2024-04-29", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2523.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6729-3 vom 2024-04-29", url: "https://ubuntu.com/security/notices/USN-6729-3", }, { category: "external", summary: "Debian Security Advisory DLA-3804 vom 2024-05-01", url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2564 vom 2024-04-30", url: "https://access.redhat.com/errata/RHSA-2024:2564", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2562 vom 2024-04-30", url: "https://access.redhat.com/errata/RHSA-2024:2562", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2625 vom 2024-04-30", url: "https://access.redhat.com/errata/RHSA-2024:2625", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2047 vom 2024-05-02", url: "https://access.redhat.com/errata/RHSA-2024:2049", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2068 vom 2024-05-02", url: "https://access.redhat.com/errata/RHSA-2024:2068", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2699 vom 2024-05-06", url: "https://access.redhat.com/errata/RHSA-2024:2699", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:1786 vom 2024-05-06", url: "https://errata.build.resf.org/RLSA-2024:1786", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:1962 vom 2024-05-06", url: "https://errata.build.resf.org/RLSA-2024:1962", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2693 vom 2024-05-07", url: "https://access.redhat.com/errata/RHSA-2024:2693", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2694 vom 2024-05-07", url: "https://access.redhat.com/errata/RHSA-2024:2694", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2724 vom 2024-05-08", url: "https://linux.oracle.com/errata/ELSA-2024-2724.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2564 vom 2024-05-08", url: "https://linux.oracle.com/errata/ELSA-2024-2564.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2562 vom 2024-05-08", url: "https://linux.oracle.com/errata/ELSA-2024-2562.html", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2778 vom 2024-05-09", url: "https://errata.build.resf.org/RLSA-2024:2778", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2664 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2664", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2667 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2667", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2668 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2668", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2671 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2671", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2672 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2672", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2699 vom 2024-05-09", url: "https://errata.build.resf.org/RLSA-2024:2699", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2779 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2779", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2778 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2778", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2780 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2780", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2779 vom 2024-05-09", url: "https://errata.build.resf.org/RLSA-2024:2779", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2780 vom 2024-05-09", url: "https://errata.build.resf.org/RLSA-2024:2780", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2699 vom 2024-05-09", url: "https://linux.oracle.com/errata/ELSA-2024-2699.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2778 vom 2024-05-09", url: "https://linux.oracle.com/errata/ELSA-2024-2778.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2780 vom 2024-05-10", url: "https://linux.oracle.com/errata/ELSA-2024-2780.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1627-1 vom 2024-05-13", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018514.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-1935 vom 2024-05-13", url: "https://alas.aws.amazon.com/ALAS-2024-1935.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2779 vom 2024-05-15", url: "https://linux.oracle.com/errata/ELSA-2024-2779.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2773 vom 2024-05-15", url: "https://access.redhat.com/errata/RHSA-2024:2773", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2853 vom 2024-05-15", url: "https://access.redhat.com/errata/RHSA-2024:2853", }, { category: "external", summary: "RedHat Security Advisory", url: "https://access.redhat.com/errata/RHSA-2024:2891", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2853 vom 2024-05-17", url: "https://linux.oracle.com/errata/ELSA-2024-2853.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2892 vom 2024-05-16", url: "https://access.redhat.com/errata/RHSA-2024:2892", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2782 vom 2024-05-16", url: "https://access.redhat.com/errata/RHSA-2024:2782", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2935 vom 2024-05-21", url: "https://access.redhat.com/errata/RHSA-2024:2935", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2907 vom 2024-05-20", url: "https://access.redhat.com/errata/RHSA-2024:2907", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2937 vom 2024-05-21", url: "https://access.redhat.com/errata/RHSA-2024:2937", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2936 vom 2024-05-21", url: "https://access.redhat.com/errata/RHSA-2024:2936", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2910 vom 2024-05-20", url: "https://access.redhat.com/errata/RHSA-2024:2910", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2865 vom 2024-05-21", url: "https://access.redhat.com/errata/RHSA-2024:2865", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2941 vom 2024-05-21", url: "https://access.redhat.com/errata/RHSA-2024:2941", }, { category: "external", summary: "IBM Security Bulletin 7154630 vom 2024-05-22", url: "https://www.ibm.com/support/pages/node/7154630", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3259 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:3259", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3315 vom 2024-05-23", url: "https://access.redhat.com/errata/RHSA-2024:3315", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2910 vom 2024-05-23", url: "https://linux.oracle.com/errata/ELSA-2024-2910.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3346 vom 2024-05-23", url: "https://access.redhat.com/errata/RHSA-2024:3346", }, { category: "external", summary: "Debian Security Advisory DLA-3818 vom 2024-05-25", url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1788-1 vom 2024-05-27", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018605.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3417 vom 2024-05-28", url: "https://access.redhat.com/errata/RHSA-2024:3417", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3402 vom 2024-05-28", url: "https://access.redhat.com/errata/RHSA-2024:3402", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3331 vom 2024-05-30", url: "https://access.redhat.com/errata/RHSA-2024:3331", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3479 vom 2024-05-29", url: "https://access.redhat.com/errata/RHSA-2024:3479", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3467 vom 2024-05-29", url: "https://access.redhat.com/errata/RHSA-2024:3467", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3327 vom 2024-05-29", url: "https://access.redhat.com/errata/RHSA-2024:3327", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3346 vom 2024-05-30", url: "http://linux.oracle.com/errata/ELSA-2024-3346.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3501 vom 2024-05-30", url: "https://access.redhat.com/errata/RHSA-2024:3501", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2728 vom 2024-05-29", url: "https://access.redhat.com/errata/RHSA-2024:2728", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2554 vom 2024-05-30", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2554.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-040 vom 2024-05-30", url: "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-040.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2556 vom 2024-05-30", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2556.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2550 vom 2024-05-30", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2550.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2555 vom 2024-05-30", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2555.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3259 vom 2024-06-01", url: "https://linux.oracle.com/errata/ELSA-2024-3259.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3544 vom 2024-06-03", url: "https://access.redhat.com/errata/RHSA-2024:3544", }, { category: "external", summary: "Amazon Linux Security Advisory ALASECS-2024-036 vom 2024-05-31", url: "https://alas.aws.amazon.com/AL2/ALASECS-2024-036.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3665 vom 2024-06-06", url: "https://access.redhat.com/errata/RHSA-2024:3665", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3701 vom 2024-06-06", url: "https://access.redhat.com/errata/RHSA-2024:3701", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3763 vom 2024-06-10", url: "https://access.redhat.com/errata/RHSA-2024:3763", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3523 vom 2024-06-10", url: "https://access.redhat.com/errata/RHSA-2024:3523", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1963-1 vom 2024-06-10", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018665.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2568 vom 2024-06-12", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2568.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3875 vom 2024-06-13", url: "https://access.redhat.com/errata/RHSA-2024:3875", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2853 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:2853", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2910 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:2910", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3885 vom 2024-06-19", url: "https://access.redhat.com/errata/RHSA-2024:3885", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:2108-1 vom 2024-06-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018771.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4023 vom 2024-06-21", url: "https://access.redhat.com/errata/RHSA-2024:4023", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4034 vom 2024-06-21", url: "https://access.redhat.com/errata/RHSA-2024:4034", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3501 vom 2024-06-21", url: "https://linux.oracle.com/errata/ELSA-2024-3501.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4010 vom 2024-06-26", url: "https://access.redhat.com/errata/RHSA-2024:4010", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4006 vom 2024-06-27", url: "https://access.redhat.com/errata/RHSA-2024:4006", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4041 vom 2024-06-26", url: "https://access.redhat.com/errata/RHSA-2024:4041", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4125 vom 2024-06-26", url: "https://access.redhat.com/errata/RHSA-2024:4125", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4146 vom 2024-06-27", url: "https://access.redhat.com/errata/RHSA-2024:4146", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4126 vom 2024-06-26", url: "https://access.redhat.com/errata/RHSA-2024:4126", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2524 vom 2024-06-28", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2524.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-1931 vom 2024-06-28", url: "https://alas.aws.amazon.com/ALAS-2024-1931.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4252 vom 2024-07-03", url: "https://access.redhat.com/errata/RHSA-2024:4252", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-4252 vom 2024-07-03", url: "https://linux.oracle.com/errata/ELSA-2024-4252.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4390 vom 2024-07-08", url: "https://access.redhat.com/errata/RHSA-2024:4390", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4392 vom 2024-07-09", url: "https://access.redhat.com/errata/RHSA-2024:4392", }, { category: "external", summary: "IBM Security Bulletin 7159857 vom 2024-07-09", url: "https://www.ibm.com/support/pages/node/7159857", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10", url: "https://access.redhat.com/errata/RHSA-2024:4321", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4464 vom 2024-07-11", url: "https://access.redhat.com/errata/RHSA-2024:4464", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4520 vom 2024-07-11", url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "external", summary: "IBM Security Bulletin 7160134 vom 2024-07-12", url: "https://www.ibm.com/support/pages/node/7160134", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4545 vom 2024-07-15", url: "https://access.redhat.com/errata/RHSA-2024:4545", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4546 vom 2024-07-15", url: "https://access.redhat.com/errata/RHSA-2024:4546", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4543 vom 2024-07-15", url: "https://access.redhat.com/errata/RHSA-2024:4543", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4484 vom 2024-07-17", url: "https://access.redhat.com/errata/RHSA-2024:4484", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4576 vom 2024-07-17", url: "https://access.redhat.com/errata/RHSA-2024:4576", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18", url: "https://access.redhat.com/errata/RHSA-2024:4631", }, { category: "external", summary: "Amazon Linux Security Advisory ALASECS-2024-039 vom 2024-07-23", url: "https://alas.aws.amazon.com/AL2/ALASECS-2024-039.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4721 vom 2024-07-23", url: "https://access.redhat.com/errata/RHSA-2024:4721", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4732 vom 2024-07-23", url: "https://access.redhat.com/errata/RHSA-2024:4732", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4677 vom 2024-07-25", url: "https://access.redhat.com/errata/RHSA-2024:4677", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4824 vom 2024-07-24", url: "https://access.redhat.com/errata/RHSA-2024:4824", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4922 vom 2024-07-31", url: "https://access.redhat.com/errata/RHSA-2024:4922", }, { category: "external", summary: "IBM Security Bulletin 7161954 vom 2024-07-30", url: "https://www.ibm.com/support/pages/node/7161954", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1167-2 vom 2024-07-31", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019073.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4934 vom 2024-07-31", url: "https://access.redhat.com/errata/RHSA-2024:4934", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1868-1 vom 2024-07-31", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019070.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4933 vom 2024-07-31", url: "https://access.redhat.com/errata/RHSA-2024:4933", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4982 vom 2024-08-02", url: "https://access.redhat.com/errata/RHSA-2024:4982", }, { category: "external", summary: "IBM Security Bulletin 7162191 vom 2024-08-01", url: "https://www.ibm.com/support/pages/node/7162191", }, { category: "external", summary: "Dell Security Advisory DSA-2024-348 vom 2024-08-06", url: "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202408-07 vom 2024-08-07", url: "https://security.gentoo.org/glsa/202408-07", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4960 vom 2024-08-07", url: "https://access.redhat.com/errata/RHSA-2024:4960", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202408-10 vom 2024-08-07", url: "https://security.gentoo.org/glsa/202408-10", }, { category: "external", summary: "IBM Security Bulletin 7162272 vom 2024-08-08", url: "https://www.ibm.com/support/pages/node/7162272", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5143 vom 2024-08-09", url: "https://access.redhat.com/errata/RHSA-2024:5143", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5144 vom 2024-08-09", url: "https://access.redhat.com/errata/RHSA-2024:5144", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5145 vom 2024-08-09", url: "https://access.redhat.com/errata/RHSA-2024:5145", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5147 vom 2024-08-09", url: "https://access.redhat.com/errata/RHSA-2024:5147", }, { category: "external", summary: "IBM Security Bulletin 7165265 vom 2024-08-12", url: "https://www.ibm.com/support/pages/node/7165265", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2618 vom 2024-08-13", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2618.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-5193 vom 2024-08-14", url: "https://linux.oracle.com/errata/ELSA-2024-5193.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASDOCKER-2024-042 vom 2024-08-21", url: "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-042.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-043 vom 2024-08-21", url: "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-043.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3098-1 vom 2024-09-03", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019363.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6004 vom 2024-09-04", url: "https://access.redhat.com/errata/RHSA-2024:6004", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3089-1 vom 2024-09-03", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019369.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3097-1 vom 2024-09-03", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019364.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6221 vom 2024-09-03", url: "https://access.redhat.com/errata/RHSA-2024:6221", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3155-1 vom 2024-09-06", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/T5LFLVGNA2FSZS3KR7555733PGXOIY4S/", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6409 vom 2024-09-11", url: "https://access.redhat.com/errata/RHSA-2024:6409", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6406 vom 2024-09-12", url: "https://access.redhat.com/errata/RHSA-2024:6406", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6642 vom 2024-09-18", url: "https://access.redhat.com/errata/RHSA-2024:6642", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3344-1 vom 2024-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019471.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3341-1 vom 2024-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019474.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3343-1 vom 2024-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019472.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3342-1 vom 2024-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019473.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6811 vom 2024-09-25", url: "https://access.redhat.com/errata/RHSA-2024:6811", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26", url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "external", summary: "Debian Security Advisory DLA-3898 vom 2024-09-27", url: "https://lists.debian.org/debian-lts-announce/2024/09/msg00041.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202409-31 vom 2024-09-28", url: "https://security.gentoo.org/glsa/202409-31", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2645 vom 2024-10-02", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2645.html", }, { category: "external", summary: "Dell Security Advisory DSA-2024-422 vom 2024-10-10", url: "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities", }, { category: "external", summary: "Dell Security Advisory DSA-2024-423 vom 2024-10-11", url: "https://www.dell.com/support/kbdoc/de-de/000235068/dsa-2024-423-security-update-for-dell-networker-and-networker-management-console-nmc-multiple-component-vulnerabilities", }, { category: "external", summary: "IBM Security Bulletin 7173018 vom 2024-10-14", url: "https://www.ibm.com/support/pages/node/7173018", }, { category: "external", summary: "Splunk Security Advisory SVD-2024-1012 vom 2024-10-14", url: "https://advisory.splunk.com//advisories/SVD-2024-1012", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14399-1 vom 2024-10-15", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4SYE7WTKUNXNTHQW42V7UBGJBEQBHRTP/", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14400-1 vom 2024-10-15", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4ZZCCVQLIJ7QABQ7SEQNIICQGIOXKWPA/", }, { category: "external", summary: "IBM Security Bulletin 7173744 vom 2024-10-22", url: "https://www.ibm.com/support/pages/node/7173744", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3755-1 vom 2024-10-24", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/IDZD3NVTACJTTUYRJDCRM2C2RTOJVHD6/", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8235 vom 2024-10-23", url: "https://access.redhat.com/errata/RHSA-2024:8235", }, { category: "external", summary: "IBM Security Bulletin", url: "https://www.ibm.com/support/pages/node/7174634", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07", url: "https://access.redhat.com/errata/RHSA-2024:8692", }, { category: "external", summary: "Ubuntu Security Notice USN-7111-1 vom 2024-11-14", url: "https://ubuntu.com/security/notices/USN-7111-1", }, { category: "external", summary: "Ubuntu Security Notice USN-7109-1 vom 2024-11-14", url: "https://ubuntu.com/security/notices/USN-7109-1", }, { category: "external", summary: "XEROX Security Advisory XRX24-017 vom 2024-11-21", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, { category: "external", summary: "XEROX Security Advisory XRX25-001 vom 2025-01-13", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, { category: "external", summary: "HPE Security Bulletin vom 2025-01-17", url: "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04773en_us&docLocale=en_US", }, ], source_lang: "en-US", title: "HTTP/2: Mehrere Schwachstellen ermöglichen Denial of Service", tracking: { current_release_date: "2025-01-19T23:00:00.000+00:00", generator: { date: "2025-01-20T09:27:52.258+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-0789", initial_release_date: "2024-04-03T22:00:00.000+00:00", revision_history: [ { date: "2024-04-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-04-04T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2024-04-07T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Fedora und SUSE aufgenommen", }, { date: "2024-04-08T22:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-04-10T22:00:00.000+00:00", number: "5", summary: "Neue Updates aufgenommen", }, { date: "2024-04-11T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat und Ubuntu aufgenommen", }, { date: "2024-04-14T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Debian und Oracle Linux aufgenommen", }, { date: "2024-04-16T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2024-04-17T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Ubuntu und Red Hat aufgenommen", }, { date: "2024-04-18T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-04-22T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-04-23T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-04-24T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-04-25T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-04-28T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Red Hat und Debian aufgenommen", }, { date: "2024-04-29T22:00:00.000+00:00", number: "16", summary: "Neue Updates von Amazon und Ubuntu aufgenommen", }, { date: "2024-05-01T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Debian und Red Hat aufgenommen", }, { date: "2024-05-02T22:00:00.000+00:00", number: "18", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-05T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-06T22:00:00.000+00:00", number: "20", summary: "Neue Updates von Rocky Enterprise Software Foundation aufgenommen", }, { date: "2024-05-07T22:00:00.000+00:00", number: "21", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2024-05-09T22:00:00.000+00:00", number: "22", summary: "Neue Updates von Rocky Enterprise Software Foundation, Red Hat und Oracle Linux aufgenommen", }, { date: "2024-05-12T22:00:00.000+00:00", number: "23", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-05-13T22:00:00.000+00:00", number: "24", summary: "Neue Updates von SUSE und Amazon aufgenommen", }, { date: "2024-05-14T22:00:00.000+00:00", number: "25", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-05-15T22:00:00.000+00:00", number: "26", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-16T22:00:00.000+00:00", number: "27", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2024-05-20T22:00:00.000+00:00", number: "28", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-21T22:00:00.000+00:00", number: "29", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-05-22T22:00:00.000+00:00", number: "30", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-23T22:00:00.000+00:00", number: "31", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-26T22:00:00.000+00:00", number: "32", summary: "Neue Updates von Debian aufgenommen", }, { date: "2024-05-27T22:00:00.000+00:00", number: "33", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-05-28T22:00:00.000+00:00", number: "34", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-30T22:00:00.000+00:00", number: "35", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2024-06-02T22:00:00.000+00:00", number: "36", summary: "Neue Updates von Oracle Linux, Red Hat und Amazon aufgenommen", }, { date: "2024-06-05T22:00:00.000+00:00", number: "37", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-06T22:00:00.000+00:00", number: "38", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-10T22:00:00.000+00:00", number: "39", summary: "Neue Updates von Red Hat und SUSE aufgenommen", }, { date: "2024-06-11T22:00:00.000+00:00", number: "40", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-06-12T22:00:00.000+00:00", number: "41", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-16T22:00:00.000+00:00", number: "42", summary: "Neue Updates von Rocky Enterprise Software Foundation aufgenommen", }, { date: "2024-06-18T22:00:00.000+00:00", number: "43", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-20T22:00:00.000+00:00", number: "44", summary: "Neue Updates von SUSE und Red Hat aufgenommen", }, { date: "2024-06-25T22:00:00.000+00:00", number: "45", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-26T22:00:00.000+00:00", number: "46", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-30T22:00:00.000+00:00", number: "47", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-07-02T22:00:00.000+00:00", number: "48", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2024-07-08T22:00:00.000+00:00", number: "49", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-09T22:00:00.000+00:00", number: "50", summary: "Neue Updates von IBM und IBM-APAR aufgenommen", }, { date: "2024-07-10T22:00:00.000+00:00", number: "51", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-11T22:00:00.000+00:00", number: "52", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-15T22:00:00.000+00:00", number: "53", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-16T22:00:00.000+00:00", number: "54", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-18T22:00:00.000+00:00", number: "55", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-22T22:00:00.000+00:00", number: "56", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-07-23T22:00:00.000+00:00", number: "57", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-24T22:00:00.000+00:00", number: "58", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-30T22:00:00.000+00:00", number: "59", summary: "Neue Updates von Red Hat und IBM aufgenommen", }, { date: "2024-07-31T22:00:00.000+00:00", number: "60", summary: "Neue Updates von SUSE und Red Hat aufgenommen", }, { date: "2024-08-01T22:00:00.000+00:00", number: "61", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-05T22:00:00.000+00:00", number: "62", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-08-06T22:00:00.000+00:00", number: "63", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-08-07T22:00:00.000+00:00", number: "64", summary: "Neue Updates von Red Hat und Gentoo aufgenommen", }, { date: "2024-08-08T22:00:00.000+00:00", number: "65", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-11T22:00:00.000+00:00", number: "66", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-08-13T22:00:00.000+00:00", number: "67", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-08-14T22:00:00.000+00:00", number: "68", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-08-21T22:00:00.000+00:00", number: "69", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-09-03T22:00:00.000+00:00", number: "70", summary: "Neue Updates von SUSE und Red Hat aufgenommen", }, { date: "2024-09-08T22:00:00.000+00:00", number: "71", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-09-11T22:00:00.000+00:00", number: "72", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-17T22:00:00.000+00:00", number: "73", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-19T22:00:00.000+00:00", number: "74", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-09-24T22:00:00.000+00:00", number: "75", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-25T22:00:00.000+00:00", number: "76", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-29T22:00:00.000+00:00", number: "77", summary: "Neue Updates von Debian und Gentoo aufgenommen", }, { date: "2024-10-03T22:00:00.000+00:00", number: "78", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-10-09T22:00:00.000+00:00", number: "79", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-10-10T22:00:00.000+00:00", number: "80", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-10-13T22:00:00.000+00:00", number: "81", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-10-14T22:00:00.000+00:00", number: "82", summary: "Neue Updates von Splunk-SVD aufgenommen", }, { date: "2024-10-15T22:00:00.000+00:00", number: "83", summary: "Neue Updates von openSUSE aufgenommen", }, { date: "2024-10-22T22:00:00.000+00:00", number: "84", summary: "Neue Updates von IBM und IBM-APAR aufgenommen", }, { date: "2024-10-23T22:00:00.000+00:00", number: "85", summary: "Neue Updates von SUSE und Red Hat aufgenommen", }, { date: "2024-10-31T23:00:00.000+00:00", number: "86", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-11-06T23:00:00.000+00:00", number: "87", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-14T23:00:00.000+00:00", number: "88", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-11-21T23:00:00.000+00:00", number: "89", summary: "Neue Updates von XEROX aufgenommen", }, { date: "2024-12-15T23:00:00.000+00:00", number: "90", summary: "Referenz(en) aufgenommen: 7178947", }, { date: "2025-01-12T23:00:00.000+00:00", number: "91", summary: "Neue Updates von XEROX aufgenommen", }, { date: "2025-01-19T23:00:00.000+00:00", number: "92", summary: "Neue Updates von HP aufgenommen", }, ], status: "final", version: "92", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { branches: [ { category: "product_version_range", name: "<2.4.59", product: { name: "Apache HTTP Server <2.4.59", product_id: "T033904", }, }, { category: "product_version", name: "2.4.59", product: { name: "Apache HTTP Server 2.4.59", product_id: "T033904-fixed", product_identification_helper: { cpe: "cpe:/a:apache:http_server:2.4.59", }, }, }, ], category: "product_name", name: "HTTP Server", }, { branches: [ { category: "product_version_range", name: "<8.1.10", product: { name: "Apache Traffic Server <8.1.10", product_id: "T034079", }, }, { category: "product_version", name: "8.1.10", product: { name: "Apache Traffic Server 8.1.10", product_id: "T034079-fixed", product_identification_helper: { cpe: "cpe:/a:apache:traffic_server:8.1.10", }, }, }, { category: "product_version_range", name: "<9.2.4", product: { name: "Apache Traffic Server <9.2.4", product_id: "T034080", }, }, { category: "product_version", name: "9.2.4", product: { name: "Apache Traffic Server 9.2.4", product_id: "T034080-fixed", product_identification_helper: { cpe: "cpe:/a:apache:traffic_server:9.2.4", }, }, }, ], category: "product_name", name: "Traffic Server", }, ], category: "vendor", name: "Apache", }, { branches: [ { category: "product_name", name: "Arista EOS", product: { name: "Arista EOS", product_id: "T033896", product_identification_helper: { cpe: "cpe:/o:arista:arista_eos:-", }, }, }, ], category: "vendor", name: "Arista", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { branches: [ { category: "product_name", name: "Dell NetWorker", product: { name: "Dell NetWorker", product_id: "T024663", product_identification_helper: { cpe: "cpe:/a:dell:networker:-", }, }, }, { category: "product_version_range", name: "<19.10.0.5", product: { name: "Dell NetWorker <19.10.0.5", product_id: "T038270", }, }, { category: "product_version", name: "19.10.0.5", product: { name: "Dell NetWorker 19.10.0.5", product_id: "T038270-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:19.10.0.5", }, }, }, ], category: "product_name", name: "NetWorker", }, ], category: "vendor", name: "Dell", }, { branches: [ { category: "product_name", name: "EMC Avamar", product: { name: "EMC Avamar", product_id: "T014381", product_identification_helper: { cpe: "cpe:/a:emc:avamar:-", }, }, }, ], category: "vendor", name: "EMC", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version_range", name: "<1.22.2", product: { name: "Golang Go <1.22.2", product_id: "T033893", }, }, { category: "product_version", name: "1.22.2", product: { name: "Golang Go 1.22.2", product_id: "T033893-fixed", product_identification_helper: { cpe: "cpe:/a:golang:go:1.22.2", }, }, }, ], category: "product_name", name: "Go", }, ], category: "vendor", name: "Golang", }, { branches: [ { branches: [ { category: "product_version_range", name: "<11.31", product: { name: "HPE HP-UX <11.31", product_id: "T040402", }, }, { category: "product_version", name: "11.31", product: { name: "HPE HP-UX 11.31", product_id: "T040402-fixed", product_identification_helper: { cpe: "cpe:/o:hp:hp-ux:11.31", }, }, }, ], category: "product_name", name: "HP-UX", }, ], category: "vendor", name: "HPE", }, { branches: [ { category: "product_name", name: "IBM App Connect Enterprise", product: { name: "IBM App Connect Enterprise", product_id: "T032495", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:-", }, }, }, { branches: [ { category: "product_version_range", name: "<10.5.0.12", product: { name: "IBM DataPower Gateway <10.5.0.12", product_id: "T035904", }, }, { category: "product_version", name: "10.5.0.12", product: { name: "IBM DataPower Gateway 10.5.0.12", product_id: "T035904-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:datapower_gateway:10.5.0.12", }, }, }, { category: "product_version_range", name: "<10.6.0.0", product: { name: "IBM DataPower Gateway <10.6.0.0", product_id: "T035905", }, }, { category: "product_version", name: "10.6.0.0", product: { name: "IBM DataPower Gateway 10.6.0.0", product_id: "T035905-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:datapower_gateway:10.6.0.0", }, }, }, ], category: "product_name", name: "DataPower Gateway", }, { branches: [ { category: "product_version_range", name: "Operator <3.1.3", product: { name: "IBM MQ Operator <3.1.3", product_id: "T034999", }, }, { category: "product_version", name: "Operator 3.1.3", product: { name: "IBM MQ Operator 3.1.3", product_id: "T034999-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:mq:operator__3.1.3", }, }, }, { category: "product_version_range", name: "Operator <2.0.22 LTS", product: { name: "IBM MQ Operator <2.0.22 LTS", product_id: "T035000", }, }, { category: "product_version", name: "Operator 2.0.22 LTS", product: { name: "IBM MQ Operator 2.0.22 LTS", product_id: "T035000-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:mq:operator__2.0.22_lts", }, }, }, { category: "product_version", name: "Operator", product: { name: "IBM MQ Operator", product_id: "T036688", product_identification_helper: { cpe: "cpe:/a:ibm:mq:operator", }, }, }, ], category: "product_name", name: "MQ", }, { branches: [ { category: "product_version", name: "v10", product: { name: "IBM Power Hardware Management Console v10", product_id: "T023373", product_identification_helper: { cpe: "cpe:/a:ibm:hardware_management_console:v10", }, }, }, ], category: "product_name", name: "Power Hardware Management Console", }, { branches: [ { category: "product_version_range", name: "<7.5.0 UP9", product: { name: "IBM QRadar SIEM <7.5.0 UP9", product_id: "T036127", }, }, { category: "product_version", name: "7.5.0 UP9", product: { name: "IBM QRadar SIEM 7.5.0 UP9", product_id: "T036127-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up9", }, }, }, { category: "product_version_range", name: "<7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM <7.5.0 UP10 IF01", product_id: "T038741", }, }, { category: "product_version", name: "7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM 7.5.0 UP10 IF01", product_id: "T038741-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, { branches: [ { category: "product_version_range", name: "<8.0.0.27", product: { name: "IBM Rational Build Forge <8.0.0.27", product_id: "T038286", }, }, { category: "product_version", name: "8.0.0.27", product: { name: "IBM Rational Build Forge 8.0.0.27", product_id: "T038286-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:rational_build_forge:8.0.0.27", }, }, }, ], category: "product_name", name: "Rational Build Forge", }, { branches: [ { category: "product_version_range", name: "<10.1.16.2", product: { name: "IBM Spectrum Protect Plus <10.1.16.2", product_id: "T036379", }, }, { category: "product_version", name: "10.1.16.2", product: { name: "IBM Spectrum Protect Plus 10.1.16.2", product_id: "T036379-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:spectrum_protect_plus:10.1.16.2", }, }, }, ], category: "product_name", name: "Spectrum Protect Plus", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Open Source nghttp2", product: { name: "Open Source nghttp2", product_id: "T033895", product_identification_helper: { cpe: "cpe:/a:nghttp2:nghttp2:-", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "RESF Rocky Linux", product: { name: "RESF Rocky Linux", product_id: "T032255", product_identification_helper: { cpe: "cpe:/o:resf:rocky_linux:-", }, }, }, ], category: "vendor", name: "RESF", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version", name: "Advanced Cluster Security for Kubernetes 4", product: { name: "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4", product_id: "T027916", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, { branches: [ { category: "product_version", name: "Virtualization 4.13", product: { name: "Red Hat OpenShift Virtualization 4.13", product_id: "T027763", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:virtualization_4.13", }, }, }, { category: "product_version", name: "Container Platform 4.14", product: { name: "Red Hat OpenShift Container Platform 4.14", product_id: "T031393", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform_4.14.4", }, }, }, { category: "product_version_range", name: "Container Platform <4.15", product: { name: "Red Hat OpenShift Container Platform <4.15", product_id: "T034232", }, }, { category: "product_version", name: "Container Platform 4.15", product: { name: "Red Hat OpenShift Container Platform 4.15", product_id: "T034232-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.15", }, }, }, { category: "product_version_range", name: "Container Platform <4.15.12", product: { name: "Red Hat OpenShift Container Platform <4.15.12", product_id: "T034661", }, }, { category: "product_version", name: "Container Platform 4.15.12", product: { name: "Red Hat OpenShift Container Platform 4.15.12", product_id: "T034661-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.15.12", }, }, }, { category: "product_version_range", name: "Container Platform <4.14.24", product: { name: "Red Hat OpenShift Container Platform <4.14.24", product_id: "T034662", }, }, { category: "product_version", name: "Container Platform 4.14.24", product: { name: "Red Hat OpenShift Container Platform 4.14.24", product_id: "T034662-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.14.24", }, }, }, { category: "product_version_range", name: "Container Platform <4.15.14", product: { name: "Red Hat OpenShift Container Platform <4.15.14", product_id: "T034932", }, }, { category: "product_version", name: "Container Platform 4.15.14", product: { name: "Red Hat OpenShift Container Platform 4.15.14", product_id: "T034932-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.15.14", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, { category: "product_name", name: "SUSE openSUSE", product: { name: "SUSE openSUSE", product_id: "T027843", product_identification_helper: { cpe: "cpe:/o:suse:opensuse:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Specification http/2", product: { name: "Specification http/2", product_id: "T033894", product_identification_helper: { cpe: "cpe:/a:ietf:http2:-", }, }, }, ], category: "vendor", name: "Specification", }, { branches: [ { branches: [ { category: "product_version_range", name: "<9.3.1", product: { name: "Splunk Splunk Enterprise <9.3.1", product_id: "T038314", }, }, { category: "product_version", name: "9.3.1", product: { name: "Splunk Splunk Enterprise 9.3.1", product_id: "T038314-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.3.1", }, }, }, { category: "product_version_range", name: "<9.2.3", product: { name: "Splunk Splunk Enterprise <9.2.3", product_id: "T038315", }, }, { category: "product_version", name: "9.2.3", product: { name: "Splunk Splunk Enterprise 9.2.3", product_id: "T038315-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.2.3", }, }, }, { category: "product_version_range", name: "<9.1.6", product: { name: "Splunk Splunk Enterprise <9.1.6", product_id: "T038316", }, }, { category: "product_version", name: "9.1.6", product: { name: "Splunk Splunk Enterprise 9.1.6", product_id: "T038316-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.1.6", }, }, }, ], category: "product_name", name: "Splunk Enterprise", }, ], category: "vendor", name: "Splunk", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, { branches: [ { branches: [ { category: "product_version", name: "v9", product: { name: "Xerox FreeFlow Print Server v9", product_id: "T015632", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9", }, }, }, { category: "product_version", name: "v9 for Solaris", product: { name: "Xerox FreeFlow Print Server v9 for Solaris", product_id: "T028053", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9_for_solaris", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2023-45288", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2023-45288", }, { cve: "CVE-2024-2653", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-2653", }, { cve: "CVE-2024-27316", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-27316", }, { cve: "CVE-2024-2758", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-2758", }, { cve: "CVE-2024-27919", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-27919", }, { cve: "CVE-2024-28182", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-28182", }, { cve: "CVE-2024-30255", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-30255", }, { cve: "CVE-2024-31309", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-31309", }, ], }
wid-sec-w-2024-0789
Vulnerability from csaf_certbund
Published
2024-04-03 22:00
Modified
2025-01-19 23:00
Summary
HTTP/2: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
http/2 ist das HyperText Transfer Protocol in Version 2.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstellen in verschiedenen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Appliance
- Linux
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "http/2 ist das HyperText Transfer Protocol in Version 2.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstellen in verschiedenen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Appliance\n- Linux\n- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0789 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0789.json", }, { category: "self", summary: "WID-SEC-2024-0789 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0789", }, { category: "external", summary: "CERT Coordination Center VU#421644 vom 2024-04-03", url: "https://kb.cert.org/vuls/id/421644", }, { category: "external", summary: "Go Package net/http GO-2024-2687 vom 2024-04-03", url: "https://pkg.go.dev/vuln/GO-2024-2687", }, { category: "external", summary: "Arista Security Advisory 0094 vom 2024-04-03", url: "https://www.arista.com/en/support/advisories-notices/security-advisory/19221-security-advisory-0094", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-A00DE83DE9 vom 2024-04-04", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-a00de83de9", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-DA8CDD8414 vom 2024-04-04", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-da8cdd8414", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-EC22E51EC2 vom 2024-04-04", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ec22e51ec2", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2024-866AC60917 vom 2024-04-04", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-866ac60917", }, { category: "external", summary: "Apache 2.4.59 Changes vom 2024-04-04", url: "https://downloads.apache.org/httpd/CHANGES_2.4.59", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-4812897DD1 vom 2024-04-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-4812897dd1", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-1F11550E31 vom 2024-04-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1f11550e31", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-528301BAC2 vom 2024-04-05", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-528301bac2", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1121-1 vom 2024-04-05", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018259.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1122-1 vom 2024-04-05", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018261.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1683 vom 2024-04-08", url: "https://access.redhat.com/errata/RHSA-2024:1683", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1681 vom 2024-04-08", url: "https://access.redhat.com/errata/RHSA-2024:1681", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1161-1 vom 2024-04-08", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018265.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1167-1 vom 2024-04-08", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018298.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1156-1 vom 2024-04-08", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018269.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1160-1 vom 2024-04-08", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018266.html", }, { category: "external", summary: "Apache Traffic Server Announce", url: "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1786 vom 2024-04-11", url: "https://access.redhat.com/errata/RHSA-2024:1786", }, { category: "external", summary: "Ubuntu Security Notice USN-6729-1 vom 2024-04-11", url: "https://ubuntu.com/security/notices/USN-6729-1", }, { category: "external", summary: "Debian Security Advisory DSA-5659 vom 2024-04-14", url: "https://lists.debian.org/debian-security-announce/2024/msg00067.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-1786 vom 2024-04-13", url: "https://linux.oracle.com/errata/ELSA-2024-1786.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-CE2EEFC399 vom 2024-04-16", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ce2eefc399", }, { category: "external", summary: "Debian Security Advisory DSA-5662 vom 2024-04-16", url: "https://lists.debian.org/debian-security-announce/2024/msg00070.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6729-2 vom 2024-04-17", url: "https://ubuntu.com/security/notices/USN-6729-2", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1872 vom 2024-04-18", url: "https://access.redhat.com/errata/RHSA-2024:1872", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-1872 vom 2024-04-19", url: "https://linux.oracle.com/errata/ELSA-2024-1872.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1963 vom 2024-04-23", url: "https://access.redhat.com/errata/RHSA-2024:1963", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1962 vom 2024-04-23", url: "https://access.redhat.com/errata/RHSA-2024:1962", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-1963 vom 2024-04-24", url: "https://linux.oracle.com/errata/ELSA-2024-1963.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-1962 vom 2024-04-24", url: "http://linux.oracle.com/errata/ELSA-2024-1962.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2060 vom 2024-04-25", url: "https://access.redhat.com/errata/RHSA-2024:2060", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1892 vom 2024-04-25", url: "https://access.redhat.com/errata/RHSA-2024:1892", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2062 vom 2024-04-25", url: "https://access.redhat.com/errata/RHSA-2024:2062", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1899 vom 2024-04-25", url: "https://access.redhat.com/errata/RHSA-2024:1899", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2079 vom 2024-04-29", url: "https://access.redhat.com/errata/RHSA-2024:2079", }, { category: "external", summary: "Debian Security Advisory DLA-3799 vom 2024-04-28", url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1897 vom 2024-04-26", url: "https://access.redhat.com/errata/RHSA-2024:1897", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2523 vom 2024-04-29", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2523.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6729-3 vom 2024-04-29", url: "https://ubuntu.com/security/notices/USN-6729-3", }, { category: "external", summary: "Debian Security Advisory DLA-3804 vom 2024-05-01", url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2564 vom 2024-04-30", url: "https://access.redhat.com/errata/RHSA-2024:2564", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2562 vom 2024-04-30", url: "https://access.redhat.com/errata/RHSA-2024:2562", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2625 vom 2024-04-30", url: "https://access.redhat.com/errata/RHSA-2024:2625", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2047 vom 2024-05-02", url: "https://access.redhat.com/errata/RHSA-2024:2049", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2068 vom 2024-05-02", url: "https://access.redhat.com/errata/RHSA-2024:2068", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2699 vom 2024-05-06", url: "https://access.redhat.com/errata/RHSA-2024:2699", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:1786 vom 2024-05-06", url: "https://errata.build.resf.org/RLSA-2024:1786", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:1962 vom 2024-05-06", url: "https://errata.build.resf.org/RLSA-2024:1962", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2693 vom 2024-05-07", url: "https://access.redhat.com/errata/RHSA-2024:2693", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2694 vom 2024-05-07", url: "https://access.redhat.com/errata/RHSA-2024:2694", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2724 vom 2024-05-08", url: "https://linux.oracle.com/errata/ELSA-2024-2724.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2564 vom 2024-05-08", url: "https://linux.oracle.com/errata/ELSA-2024-2564.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2562 vom 2024-05-08", url: "https://linux.oracle.com/errata/ELSA-2024-2562.html", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2778 vom 2024-05-09", url: "https://errata.build.resf.org/RLSA-2024:2778", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2664 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2664", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2667 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2667", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2668 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2668", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2671 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2671", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2672 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2672", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2699 vom 2024-05-09", url: "https://errata.build.resf.org/RLSA-2024:2699", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2779 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2779", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2778 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2778", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2780 vom 2024-05-09", url: "https://access.redhat.com/errata/RHSA-2024:2780", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2779 vom 2024-05-09", url: "https://errata.build.resf.org/RLSA-2024:2779", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2780 vom 2024-05-09", url: "https://errata.build.resf.org/RLSA-2024:2780", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2699 vom 2024-05-09", url: "https://linux.oracle.com/errata/ELSA-2024-2699.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2778 vom 2024-05-09", url: "https://linux.oracle.com/errata/ELSA-2024-2778.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2780 vom 2024-05-10", url: "https://linux.oracle.com/errata/ELSA-2024-2780.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1627-1 vom 2024-05-13", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018514.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-1935 vom 2024-05-13", url: "https://alas.aws.amazon.com/ALAS-2024-1935.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2779 vom 2024-05-15", url: "https://linux.oracle.com/errata/ELSA-2024-2779.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2773 vom 2024-05-15", url: "https://access.redhat.com/errata/RHSA-2024:2773", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2853 vom 2024-05-15", url: "https://access.redhat.com/errata/RHSA-2024:2853", }, { category: "external", summary: "RedHat Security Advisory", url: "https://access.redhat.com/errata/RHSA-2024:2891", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2853 vom 2024-05-17", url: "https://linux.oracle.com/errata/ELSA-2024-2853.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2892 vom 2024-05-16", url: "https://access.redhat.com/errata/RHSA-2024:2892", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2782 vom 2024-05-16", url: "https://access.redhat.com/errata/RHSA-2024:2782", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2935 vom 2024-05-21", url: "https://access.redhat.com/errata/RHSA-2024:2935", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2907 vom 2024-05-20", url: "https://access.redhat.com/errata/RHSA-2024:2907", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2937 vom 2024-05-21", url: "https://access.redhat.com/errata/RHSA-2024:2937", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2936 vom 2024-05-21", url: "https://access.redhat.com/errata/RHSA-2024:2936", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2910 vom 2024-05-20", url: "https://access.redhat.com/errata/RHSA-2024:2910", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2865 vom 2024-05-21", url: "https://access.redhat.com/errata/RHSA-2024:2865", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2941 vom 2024-05-21", url: "https://access.redhat.com/errata/RHSA-2024:2941", }, { category: "external", summary: "IBM Security Bulletin 7154630 vom 2024-05-22", url: "https://www.ibm.com/support/pages/node/7154630", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3259 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:3259", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3315 vom 2024-05-23", url: "https://access.redhat.com/errata/RHSA-2024:3315", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2910 vom 2024-05-23", url: "https://linux.oracle.com/errata/ELSA-2024-2910.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3346 vom 2024-05-23", url: "https://access.redhat.com/errata/RHSA-2024:3346", }, { category: "external", summary: "Debian Security Advisory DLA-3818 vom 2024-05-25", url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1788-1 vom 2024-05-27", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018605.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3417 vom 2024-05-28", url: "https://access.redhat.com/errata/RHSA-2024:3417", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3402 vom 2024-05-28", url: "https://access.redhat.com/errata/RHSA-2024:3402", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3331 vom 2024-05-30", url: "https://access.redhat.com/errata/RHSA-2024:3331", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3479 vom 2024-05-29", url: "https://access.redhat.com/errata/RHSA-2024:3479", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3467 vom 2024-05-29", url: "https://access.redhat.com/errata/RHSA-2024:3467", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3327 vom 2024-05-29", url: "https://access.redhat.com/errata/RHSA-2024:3327", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3346 vom 2024-05-30", url: "http://linux.oracle.com/errata/ELSA-2024-3346.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3501 vom 2024-05-30", url: "https://access.redhat.com/errata/RHSA-2024:3501", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2728 vom 2024-05-29", url: "https://access.redhat.com/errata/RHSA-2024:2728", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2554 vom 2024-05-30", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2554.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-040 vom 2024-05-30", url: "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-040.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2556 vom 2024-05-30", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2556.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2550 vom 2024-05-30", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2550.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2555 vom 2024-05-30", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2555.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3259 vom 2024-06-01", url: "https://linux.oracle.com/errata/ELSA-2024-3259.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3544 vom 2024-06-03", url: "https://access.redhat.com/errata/RHSA-2024:3544", }, { category: "external", summary: "Amazon Linux Security Advisory ALASECS-2024-036 vom 2024-05-31", url: "https://alas.aws.amazon.com/AL2/ALASECS-2024-036.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3665 vom 2024-06-06", url: "https://access.redhat.com/errata/RHSA-2024:3665", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3701 vom 2024-06-06", url: "https://access.redhat.com/errata/RHSA-2024:3701", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3763 vom 2024-06-10", url: "https://access.redhat.com/errata/RHSA-2024:3763", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3523 vom 2024-06-10", url: "https://access.redhat.com/errata/RHSA-2024:3523", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1963-1 vom 2024-06-10", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018665.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2568 vom 2024-06-12", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2568.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3875 vom 2024-06-13", url: "https://access.redhat.com/errata/RHSA-2024:3875", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2853 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:2853", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:2910 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:2910", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3885 vom 2024-06-19", url: "https://access.redhat.com/errata/RHSA-2024:3885", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:2108-1 vom 2024-06-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018771.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4023 vom 2024-06-21", url: "https://access.redhat.com/errata/RHSA-2024:4023", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4034 vom 2024-06-21", url: "https://access.redhat.com/errata/RHSA-2024:4034", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3501 vom 2024-06-21", url: "https://linux.oracle.com/errata/ELSA-2024-3501.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4010 vom 2024-06-26", url: "https://access.redhat.com/errata/RHSA-2024:4010", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4006 vom 2024-06-27", url: "https://access.redhat.com/errata/RHSA-2024:4006", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4041 vom 2024-06-26", url: "https://access.redhat.com/errata/RHSA-2024:4041", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4125 vom 2024-06-26", url: "https://access.redhat.com/errata/RHSA-2024:4125", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4146 vom 2024-06-27", url: "https://access.redhat.com/errata/RHSA-2024:4146", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4126 vom 2024-06-26", url: "https://access.redhat.com/errata/RHSA-2024:4126", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2524 vom 2024-06-28", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2524.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-1931 vom 2024-06-28", url: "https://alas.aws.amazon.com/ALAS-2024-1931.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4252 vom 2024-07-03", url: "https://access.redhat.com/errata/RHSA-2024:4252", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-4252 vom 2024-07-03", url: "https://linux.oracle.com/errata/ELSA-2024-4252.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4390 vom 2024-07-08", url: "https://access.redhat.com/errata/RHSA-2024:4390", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4392 vom 2024-07-09", url: "https://access.redhat.com/errata/RHSA-2024:4392", }, { category: "external", summary: "IBM Security Bulletin 7159857 vom 2024-07-09", url: "https://www.ibm.com/support/pages/node/7159857", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10", url: "https://access.redhat.com/errata/RHSA-2024:4321", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4464 vom 2024-07-11", url: "https://access.redhat.com/errata/RHSA-2024:4464", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4520 vom 2024-07-11", url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "external", summary: "IBM Security Bulletin 7160134 vom 2024-07-12", url: "https://www.ibm.com/support/pages/node/7160134", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4545 vom 2024-07-15", url: "https://access.redhat.com/errata/RHSA-2024:4545", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4546 vom 2024-07-15", url: "https://access.redhat.com/errata/RHSA-2024:4546", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4543 vom 2024-07-15", url: "https://access.redhat.com/errata/RHSA-2024:4543", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4484 vom 2024-07-17", url: "https://access.redhat.com/errata/RHSA-2024:4484", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4576 vom 2024-07-17", url: "https://access.redhat.com/errata/RHSA-2024:4576", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18", url: "https://access.redhat.com/errata/RHSA-2024:4631", }, { category: "external", summary: "Amazon Linux Security Advisory ALASECS-2024-039 vom 2024-07-23", url: "https://alas.aws.amazon.com/AL2/ALASECS-2024-039.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4721 vom 2024-07-23", url: "https://access.redhat.com/errata/RHSA-2024:4721", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4732 vom 2024-07-23", url: "https://access.redhat.com/errata/RHSA-2024:4732", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4677 vom 2024-07-25", url: "https://access.redhat.com/errata/RHSA-2024:4677", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4824 vom 2024-07-24", url: "https://access.redhat.com/errata/RHSA-2024:4824", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4922 vom 2024-07-31", url: "https://access.redhat.com/errata/RHSA-2024:4922", }, { category: "external", summary: "IBM Security Bulletin 7161954 vom 2024-07-30", url: "https://www.ibm.com/support/pages/node/7161954", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1167-2 vom 2024-07-31", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019073.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4934 vom 2024-07-31", url: "https://access.redhat.com/errata/RHSA-2024:4934", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:1868-1 vom 2024-07-31", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019070.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4933 vom 2024-07-31", url: "https://access.redhat.com/errata/RHSA-2024:4933", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4982 vom 2024-08-02", url: "https://access.redhat.com/errata/RHSA-2024:4982", }, { category: "external", summary: "IBM Security Bulletin 7162191 vom 2024-08-01", url: "https://www.ibm.com/support/pages/node/7162191", }, { category: "external", summary: "Dell Security Advisory DSA-2024-348 vom 2024-08-06", url: "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202408-07 vom 2024-08-07", url: "https://security.gentoo.org/glsa/202408-07", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4960 vom 2024-08-07", url: "https://access.redhat.com/errata/RHSA-2024:4960", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202408-10 vom 2024-08-07", url: "https://security.gentoo.org/glsa/202408-10", }, { category: "external", summary: "IBM Security Bulletin 7162272 vom 2024-08-08", url: "https://www.ibm.com/support/pages/node/7162272", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5143 vom 2024-08-09", url: "https://access.redhat.com/errata/RHSA-2024:5143", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5144 vom 2024-08-09", url: "https://access.redhat.com/errata/RHSA-2024:5144", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5145 vom 2024-08-09", url: "https://access.redhat.com/errata/RHSA-2024:5145", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5147 vom 2024-08-09", url: "https://access.redhat.com/errata/RHSA-2024:5147", }, { category: "external", summary: "IBM Security Bulletin 7165265 vom 2024-08-12", url: "https://www.ibm.com/support/pages/node/7165265", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2618 vom 2024-08-13", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2618.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-5193 vom 2024-08-14", url: "https://linux.oracle.com/errata/ELSA-2024-5193.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASDOCKER-2024-042 vom 2024-08-21", url: "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-042.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-043 vom 2024-08-21", url: "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-043.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3098-1 vom 2024-09-03", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019363.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6004 vom 2024-09-04", url: "https://access.redhat.com/errata/RHSA-2024:6004", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3089-1 vom 2024-09-03", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019369.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3097-1 vom 2024-09-03", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019364.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6221 vom 2024-09-03", url: "https://access.redhat.com/errata/RHSA-2024:6221", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3155-1 vom 2024-09-06", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/T5LFLVGNA2FSZS3KR7555733PGXOIY4S/", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6409 vom 2024-09-11", url: "https://access.redhat.com/errata/RHSA-2024:6409", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6406 vom 2024-09-12", url: "https://access.redhat.com/errata/RHSA-2024:6406", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6642 vom 2024-09-18", url: "https://access.redhat.com/errata/RHSA-2024:6642", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3344-1 vom 2024-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019471.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3341-1 vom 2024-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019474.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3343-1 vom 2024-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019472.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3342-1 vom 2024-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019473.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6811 vom 2024-09-25", url: "https://access.redhat.com/errata/RHSA-2024:6811", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26", url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "external", summary: "Debian Security Advisory DLA-3898 vom 2024-09-27", url: "https://lists.debian.org/debian-lts-announce/2024/09/msg00041.html", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202409-31 vom 2024-09-28", url: "https://security.gentoo.org/glsa/202409-31", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2645 vom 2024-10-02", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2645.html", }, { category: "external", summary: "Dell Security Advisory DSA-2024-422 vom 2024-10-10", url: "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities", }, { category: "external", summary: "Dell Security Advisory DSA-2024-423 vom 2024-10-11", url: "https://www.dell.com/support/kbdoc/de-de/000235068/dsa-2024-423-security-update-for-dell-networker-and-networker-management-console-nmc-multiple-component-vulnerabilities", }, { category: "external", summary: "IBM Security Bulletin 7173018 vom 2024-10-14", url: "https://www.ibm.com/support/pages/node/7173018", }, { category: "external", summary: "Splunk Security Advisory SVD-2024-1012 vom 2024-10-14", url: "https://advisory.splunk.com//advisories/SVD-2024-1012", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14399-1 vom 2024-10-15", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4SYE7WTKUNXNTHQW42V7UBGJBEQBHRTP/", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14400-1 vom 2024-10-15", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4ZZCCVQLIJ7QABQ7SEQNIICQGIOXKWPA/", }, { category: "external", summary: "IBM Security Bulletin 7173744 vom 2024-10-22", url: "https://www.ibm.com/support/pages/node/7173744", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3755-1 vom 2024-10-24", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/IDZD3NVTACJTTUYRJDCRM2C2RTOJVHD6/", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8235 vom 2024-10-23", url: "https://access.redhat.com/errata/RHSA-2024:8235", }, { category: "external", summary: "IBM Security Bulletin", url: "https://www.ibm.com/support/pages/node/7174634", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07", url: "https://access.redhat.com/errata/RHSA-2024:8692", }, { category: "external", summary: "Ubuntu Security Notice USN-7111-1 vom 2024-11-14", url: "https://ubuntu.com/security/notices/USN-7111-1", }, { category: "external", summary: "Ubuntu Security Notice USN-7109-1 vom 2024-11-14", url: "https://ubuntu.com/security/notices/USN-7109-1", }, { category: "external", summary: "XEROX Security Advisory XRX24-017 vom 2024-11-21", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, { category: "external", summary: "XEROX Security Advisory XRX25-001 vom 2025-01-13", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, { category: "external", summary: "HPE Security Bulletin vom 2025-01-17", url: "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04773en_us&docLocale=en_US", }, ], source_lang: "en-US", title: "HTTP/2: Mehrere Schwachstellen ermöglichen Denial of Service", tracking: { current_release_date: "2025-01-19T23:00:00.000+00:00", generator: { date: "2025-01-20T09:27:52.258+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-0789", initial_release_date: "2024-04-03T22:00:00.000+00:00", revision_history: [ { date: "2024-04-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-04-04T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2024-04-07T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Fedora und SUSE aufgenommen", }, { date: "2024-04-08T22:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-04-10T22:00:00.000+00:00", number: "5", summary: "Neue Updates aufgenommen", }, { date: "2024-04-11T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat und Ubuntu aufgenommen", }, { date: "2024-04-14T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Debian und Oracle Linux aufgenommen", }, { date: "2024-04-16T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2024-04-17T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Ubuntu und Red Hat aufgenommen", }, { date: "2024-04-18T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-04-22T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-04-23T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-04-24T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-04-25T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-04-28T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Red Hat und Debian aufgenommen", }, { date: "2024-04-29T22:00:00.000+00:00", number: "16", summary: "Neue Updates von Amazon und Ubuntu aufgenommen", }, { date: "2024-05-01T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Debian und Red Hat aufgenommen", }, { date: "2024-05-02T22:00:00.000+00:00", number: "18", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-05T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-06T22:00:00.000+00:00", number: "20", summary: "Neue Updates von Rocky Enterprise Software Foundation aufgenommen", }, { date: "2024-05-07T22:00:00.000+00:00", number: "21", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2024-05-09T22:00:00.000+00:00", number: "22", summary: "Neue Updates von Rocky Enterprise Software Foundation, Red Hat und Oracle Linux aufgenommen", }, { date: "2024-05-12T22:00:00.000+00:00", number: "23", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-05-13T22:00:00.000+00:00", number: "24", summary: "Neue Updates von SUSE und Amazon aufgenommen", }, { date: "2024-05-14T22:00:00.000+00:00", number: "25", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-05-15T22:00:00.000+00:00", number: "26", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-16T22:00:00.000+00:00", number: "27", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2024-05-20T22:00:00.000+00:00", number: "28", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-21T22:00:00.000+00:00", number: "29", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-05-22T22:00:00.000+00:00", number: "30", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-23T22:00:00.000+00:00", number: "31", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-26T22:00:00.000+00:00", number: "32", summary: "Neue Updates von Debian aufgenommen", }, { date: "2024-05-27T22:00:00.000+00:00", number: "33", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-05-28T22:00:00.000+00:00", number: "34", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-30T22:00:00.000+00:00", number: "35", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2024-06-02T22:00:00.000+00:00", number: "36", summary: "Neue Updates von Oracle Linux, Red Hat und Amazon aufgenommen", }, { date: "2024-06-05T22:00:00.000+00:00", number: "37", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-06T22:00:00.000+00:00", number: "38", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-10T22:00:00.000+00:00", number: "39", summary: "Neue Updates von Red Hat und SUSE aufgenommen", }, { date: "2024-06-11T22:00:00.000+00:00", number: "40", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-06-12T22:00:00.000+00:00", number: "41", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-16T22:00:00.000+00:00", number: "42", summary: "Neue Updates von Rocky Enterprise Software Foundation aufgenommen", }, { date: "2024-06-18T22:00:00.000+00:00", number: "43", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-20T22:00:00.000+00:00", number: "44", summary: "Neue Updates von SUSE und Red Hat aufgenommen", }, { date: "2024-06-25T22:00:00.000+00:00", number: "45", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-26T22:00:00.000+00:00", number: "46", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-30T22:00:00.000+00:00", number: "47", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-07-02T22:00:00.000+00:00", number: "48", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2024-07-08T22:00:00.000+00:00", number: "49", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-09T22:00:00.000+00:00", number: "50", summary: "Neue Updates von IBM und IBM-APAR aufgenommen", }, { date: "2024-07-10T22:00:00.000+00:00", number: "51", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-11T22:00:00.000+00:00", number: "52", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-15T22:00:00.000+00:00", number: "53", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-16T22:00:00.000+00:00", number: "54", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-18T22:00:00.000+00:00", number: "55", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-22T22:00:00.000+00:00", number: "56", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-07-23T22:00:00.000+00:00", number: "57", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-24T22:00:00.000+00:00", number: "58", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-30T22:00:00.000+00:00", number: "59", summary: "Neue Updates von Red Hat und IBM aufgenommen", }, { date: "2024-07-31T22:00:00.000+00:00", number: "60", summary: "Neue Updates von SUSE und Red Hat aufgenommen", }, { date: "2024-08-01T22:00:00.000+00:00", number: "61", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-05T22:00:00.000+00:00", number: "62", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-08-06T22:00:00.000+00:00", number: "63", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-08-07T22:00:00.000+00:00", number: "64", summary: "Neue Updates von Red Hat und Gentoo aufgenommen", }, { date: "2024-08-08T22:00:00.000+00:00", number: "65", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-11T22:00:00.000+00:00", number: "66", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-08-13T22:00:00.000+00:00", number: "67", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-08-14T22:00:00.000+00:00", number: "68", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-08-21T22:00:00.000+00:00", number: "69", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-09-03T22:00:00.000+00:00", number: "70", summary: "Neue Updates von SUSE und Red Hat aufgenommen", }, { date: "2024-09-08T22:00:00.000+00:00", number: "71", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-09-11T22:00:00.000+00:00", number: "72", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-17T22:00:00.000+00:00", number: "73", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-19T22:00:00.000+00:00", number: "74", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-09-24T22:00:00.000+00:00", number: "75", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-25T22:00:00.000+00:00", number: "76", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-29T22:00:00.000+00:00", number: "77", summary: "Neue Updates von Debian und Gentoo aufgenommen", }, { date: "2024-10-03T22:00:00.000+00:00", number: "78", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-10-09T22:00:00.000+00:00", number: "79", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-10-10T22:00:00.000+00:00", number: "80", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-10-13T22:00:00.000+00:00", number: "81", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-10-14T22:00:00.000+00:00", number: "82", summary: "Neue Updates von Splunk-SVD aufgenommen", }, { date: "2024-10-15T22:00:00.000+00:00", number: "83", summary: "Neue Updates von openSUSE aufgenommen", }, { date: "2024-10-22T22:00:00.000+00:00", number: "84", summary: "Neue Updates von IBM und IBM-APAR aufgenommen", }, { date: "2024-10-23T22:00:00.000+00:00", number: "85", summary: "Neue Updates von SUSE und Red Hat aufgenommen", }, { date: "2024-10-31T23:00:00.000+00:00", number: "86", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-11-06T23:00:00.000+00:00", number: "87", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-14T23:00:00.000+00:00", number: "88", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-11-21T23:00:00.000+00:00", number: "89", summary: "Neue Updates von XEROX aufgenommen", }, { date: "2024-12-15T23:00:00.000+00:00", number: "90", summary: "Referenz(en) aufgenommen: 7178947", }, { date: "2025-01-12T23:00:00.000+00:00", number: "91", summary: "Neue Updates von XEROX aufgenommen", }, { date: "2025-01-19T23:00:00.000+00:00", number: "92", summary: "Neue Updates von HP aufgenommen", }, ], status: "final", version: "92", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { branches: [ { category: "product_version_range", name: "<2.4.59", product: { name: "Apache HTTP Server <2.4.59", product_id: "T033904", }, }, { category: "product_version", name: "2.4.59", product: { name: "Apache HTTP Server 2.4.59", product_id: "T033904-fixed", product_identification_helper: { cpe: "cpe:/a:apache:http_server:2.4.59", }, }, }, ], category: "product_name", name: "HTTP Server", }, { branches: [ { category: "product_version_range", name: "<8.1.10", product: { name: "Apache Traffic Server <8.1.10", product_id: "T034079", }, }, { category: "product_version", name: "8.1.10", product: { name: "Apache Traffic Server 8.1.10", product_id: "T034079-fixed", product_identification_helper: { cpe: "cpe:/a:apache:traffic_server:8.1.10", }, }, }, { category: "product_version_range", name: "<9.2.4", product: { name: "Apache Traffic Server <9.2.4", product_id: "T034080", }, }, { category: "product_version", name: "9.2.4", product: { name: "Apache Traffic Server 9.2.4", product_id: "T034080-fixed", product_identification_helper: { cpe: "cpe:/a:apache:traffic_server:9.2.4", }, }, }, ], category: "product_name", name: "Traffic Server", }, ], category: "vendor", name: "Apache", }, { branches: [ { category: "product_name", name: "Arista EOS", product: { name: "Arista EOS", product_id: "T033896", product_identification_helper: { cpe: "cpe:/o:arista:arista_eos:-", }, }, }, ], category: "vendor", name: "Arista", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { branches: [ { category: "product_name", name: "Dell NetWorker", product: { name: "Dell NetWorker", product_id: "T024663", product_identification_helper: { cpe: "cpe:/a:dell:networker:-", }, }, }, { category: "product_version_range", name: "<19.10.0.5", product: { name: "Dell NetWorker <19.10.0.5", product_id: "T038270", }, }, { category: "product_version", name: "19.10.0.5", product: { name: "Dell NetWorker 19.10.0.5", product_id: "T038270-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:19.10.0.5", }, }, }, ], category: "product_name", name: "NetWorker", }, ], category: "vendor", name: "Dell", }, { branches: [ { category: "product_name", name: "EMC Avamar", product: { name: "EMC Avamar", product_id: "T014381", product_identification_helper: { cpe: "cpe:/a:emc:avamar:-", }, }, }, ], category: "vendor", name: "EMC", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version_range", name: "<1.22.2", product: { name: "Golang Go <1.22.2", product_id: "T033893", }, }, { category: "product_version", name: "1.22.2", product: { name: "Golang Go 1.22.2", product_id: "T033893-fixed", product_identification_helper: { cpe: "cpe:/a:golang:go:1.22.2", }, }, }, ], category: "product_name", name: "Go", }, ], category: "vendor", name: "Golang", }, { branches: [ { branches: [ { category: "product_version_range", name: "<11.31", product: { name: "HPE HP-UX <11.31", product_id: "T040402", }, }, { category: "product_version", name: "11.31", product: { name: "HPE HP-UX 11.31", product_id: "T040402-fixed", product_identification_helper: { cpe: "cpe:/o:hp:hp-ux:11.31", }, }, }, ], category: "product_name", name: "HP-UX", }, ], category: "vendor", name: "HPE", }, { branches: [ { category: "product_name", name: "IBM App Connect Enterprise", product: { name: "IBM App Connect Enterprise", product_id: "T032495", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:-", }, }, }, { branches: [ { category: "product_version_range", name: "<10.5.0.12", product: { name: "IBM DataPower Gateway <10.5.0.12", product_id: "T035904", }, }, { category: "product_version", name: "10.5.0.12", product: { name: "IBM DataPower Gateway 10.5.0.12", product_id: "T035904-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:datapower_gateway:10.5.0.12", }, }, }, { category: "product_version_range", name: "<10.6.0.0", product: { name: "IBM DataPower Gateway <10.6.0.0", product_id: "T035905", }, }, { category: "product_version", name: "10.6.0.0", product: { name: "IBM DataPower Gateway 10.6.0.0", product_id: "T035905-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:datapower_gateway:10.6.0.0", }, }, }, ], category: "product_name", name: "DataPower Gateway", }, { branches: [ { category: "product_version_range", name: "Operator <3.1.3", product: { name: "IBM MQ Operator <3.1.3", product_id: "T034999", }, }, { category: "product_version", name: "Operator 3.1.3", product: { name: "IBM MQ Operator 3.1.3", product_id: "T034999-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:mq:operator__3.1.3", }, }, }, { category: "product_version_range", name: "Operator <2.0.22 LTS", product: { name: "IBM MQ Operator <2.0.22 LTS", product_id: "T035000", }, }, { category: "product_version", name: "Operator 2.0.22 LTS", product: { name: "IBM MQ Operator 2.0.22 LTS", product_id: "T035000-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:mq:operator__2.0.22_lts", }, }, }, { category: "product_version", name: "Operator", product: { name: "IBM MQ Operator", product_id: "T036688", product_identification_helper: { cpe: "cpe:/a:ibm:mq:operator", }, }, }, ], category: "product_name", name: "MQ", }, { branches: [ { category: "product_version", name: "v10", product: { name: "IBM Power Hardware Management Console v10", product_id: "T023373", product_identification_helper: { cpe: "cpe:/a:ibm:hardware_management_console:v10", }, }, }, ], category: "product_name", name: "Power Hardware Management Console", }, { branches: [ { category: "product_version_range", name: "<7.5.0 UP9", product: { name: "IBM QRadar SIEM <7.5.0 UP9", product_id: "T036127", }, }, { category: "product_version", name: "7.5.0 UP9", product: { name: "IBM QRadar SIEM 7.5.0 UP9", product_id: "T036127-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up9", }, }, }, { category: "product_version_range", name: "<7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM <7.5.0 UP10 IF01", product_id: "T038741", }, }, { category: "product_version", name: "7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM 7.5.0 UP10 IF01", product_id: "T038741-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, { branches: [ { category: "product_version_range", name: "<8.0.0.27", product: { name: "IBM Rational Build Forge <8.0.0.27", product_id: "T038286", }, }, { category: "product_version", name: "8.0.0.27", product: { name: "IBM Rational Build Forge 8.0.0.27", product_id: "T038286-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:rational_build_forge:8.0.0.27", }, }, }, ], category: "product_name", name: "Rational Build Forge", }, { branches: [ { category: "product_version_range", name: "<10.1.16.2", product: { name: "IBM Spectrum Protect Plus <10.1.16.2", product_id: "T036379", }, }, { category: "product_version", name: "10.1.16.2", product: { name: "IBM Spectrum Protect Plus 10.1.16.2", product_id: "T036379-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:spectrum_protect_plus:10.1.16.2", }, }, }, ], category: "product_name", name: "Spectrum Protect Plus", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Open Source nghttp2", product: { name: "Open Source nghttp2", product_id: "T033895", product_identification_helper: { cpe: "cpe:/a:nghttp2:nghttp2:-", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "RESF Rocky Linux", product: { name: "RESF Rocky Linux", product_id: "T032255", product_identification_helper: { cpe: "cpe:/o:resf:rocky_linux:-", }, }, }, ], category: "vendor", name: "RESF", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version", name: "Advanced Cluster Security for Kubernetes 4", product: { name: "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4", product_id: "T027916", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, { branches: [ { category: "product_version", name: "Virtualization 4.13", product: { name: "Red Hat OpenShift Virtualization 4.13", product_id: "T027763", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:virtualization_4.13", }, }, }, { category: "product_version", name: "Container Platform 4.14", product: { name: "Red Hat OpenShift Container Platform 4.14", product_id: "T031393", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform_4.14.4", }, }, }, { category: "product_version_range", name: "Container Platform <4.15", product: { name: "Red Hat OpenShift Container Platform <4.15", product_id: "T034232", }, }, { category: "product_version", name: "Container Platform 4.15", product: { name: "Red Hat OpenShift Container Platform 4.15", product_id: "T034232-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.15", }, }, }, { category: "product_version_range", name: "Container Platform <4.15.12", product: { name: "Red Hat OpenShift Container Platform <4.15.12", product_id: "T034661", }, }, { category: "product_version", name: "Container Platform 4.15.12", product: { name: "Red Hat OpenShift Container Platform 4.15.12", product_id: "T034661-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.15.12", }, }, }, { category: "product_version_range", name: "Container Platform <4.14.24", product: { name: "Red Hat OpenShift Container Platform <4.14.24", product_id: "T034662", }, }, { category: "product_version", name: "Container Platform 4.14.24", product: { name: "Red Hat OpenShift Container Platform 4.14.24", product_id: "T034662-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.14.24", }, }, }, { category: "product_version_range", name: "Container Platform <4.15.14", product: { name: "Red Hat OpenShift Container Platform <4.15.14", product_id: "T034932", }, }, { category: "product_version", name: "Container Platform 4.15.14", product: { name: "Red Hat OpenShift Container Platform 4.15.14", product_id: "T034932-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.15.14", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, { category: "product_name", name: "SUSE openSUSE", product: { name: "SUSE openSUSE", product_id: "T027843", product_identification_helper: { cpe: "cpe:/o:suse:opensuse:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Specification http/2", product: { name: "Specification http/2", product_id: "T033894", product_identification_helper: { cpe: "cpe:/a:ietf:http2:-", }, }, }, ], category: "vendor", name: "Specification", }, { branches: [ { branches: [ { category: "product_version_range", name: "<9.3.1", product: { name: "Splunk Splunk Enterprise <9.3.1", product_id: "T038314", }, }, { category: "product_version", name: "9.3.1", product: { name: "Splunk Splunk Enterprise 9.3.1", product_id: "T038314-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.3.1", }, }, }, { category: "product_version_range", name: "<9.2.3", product: { name: "Splunk Splunk Enterprise <9.2.3", product_id: "T038315", }, }, { category: "product_version", name: "9.2.3", product: { name: "Splunk Splunk Enterprise 9.2.3", product_id: "T038315-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.2.3", }, }, }, { category: "product_version_range", name: "<9.1.6", product: { name: "Splunk Splunk Enterprise <9.1.6", product_id: "T038316", }, }, { category: "product_version", name: "9.1.6", product: { name: "Splunk Splunk Enterprise 9.1.6", product_id: "T038316-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.1.6", }, }, }, ], category: "product_name", name: "Splunk Enterprise", }, ], category: "vendor", name: "Splunk", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, { branches: [ { branches: [ { category: "product_version", name: "v9", product: { name: "Xerox FreeFlow Print Server v9", product_id: "T015632", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9", }, }, }, { category: "product_version", name: "v9 for Solaris", product: { name: "Xerox FreeFlow Print Server v9 for Solaris", product_id: "T028053", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9_for_solaris", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2023-45288", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2023-45288", }, { cve: "CVE-2024-2653", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-2653", }, { cve: "CVE-2024-27316", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-27316", }, { cve: "CVE-2024-2758", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-2758", }, { cve: "CVE-2024-27919", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-27919", }, { cve: "CVE-2024-28182", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-28182", }, { cve: "CVE-2024-30255", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-30255", }, { cve: "CVE-2024-31309", notes: [ { category: "description", text: "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empfängt der Endpunkt weiterhin Header-Daten. Mit einer großen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gefüllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033895", "T033896", "67646", "T031393", "T036127", "T036688", "T004914", "T033893", "T033894", "T034662", "T038741", "T034661", "T034080", "T027916", "T038286", "T024663", "398363", "T033904", "T035905", "T023373", "T034932", "T028053", "T035904", "T034999", "T035000", "T038314", "T015632", "T036379", "T038315", "T012167", "T038316", "T032255", "74185", "T034079", "T032495", "T034232", "T014381", "2951", "T002207", "T000126", "T038270", "T027843", "T040402", "T027763", ], }, release_date: "2024-04-03T22:00:00.000+00:00", title: "CVE-2024-31309", }, ], }
RHSA-2024:7725
Vulnerability from csaf_redhat
Published
2024-10-07 09:24
Modified
2025-04-25 01:43
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.5
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.5.5
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule
(CVE-2024-43788)
* envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode (CVE-2024-23326)
* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)
* envoy: Brotli decompressor infinite loop (CVE-2024-32976)
* envoy: abnormal termination when using auto_sni with authority header longer
than 255 characters (CVE-2024-32475)
* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)
* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh Containers for 2.5.5\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)\n* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule\n(CVE-2024-43788)\n* envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode (CVE-2024-23326)\n* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)\n* envoy: Brotli decompressor infinite loop (CVE-2024-32976)\n* envoy: abnormal termination when using auto_sni with authority header longer\nthan 255 characters (CVE-2024-32475)\n* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)\n* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7725", url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2259228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2259228", }, { category: "external", summary: "2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "external", summary: "2276149", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2276149", }, { category: "external", summary: "2283145", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2283145", }, { category: "external", summary: "2308193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308193", }, { category: "external", summary: "2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "2313683", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313683", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7725.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.5", tracking: { current_release_date: "2025-04-25T01:43:11+00:00", generator: { date: "2025-04-25T01:43:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:7725", initial_release_date: "2024-10-07T09:24:53+00:00", revision_history: [ { date: "2024-10-07T09:24:53+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-07T09:24:53+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-25T01:43:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.5 for RHEL 8", product: { name: "RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.5::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", product_id: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, ], }, vulnerabilities: [ { cve: "CVE-2024-23326", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2024-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2259228", }, ], notes: [ { category: "description", text: "A possible request smuggling vulnerability exists through Envoy. This issue occurs if a server can be tricked into adding an upgrade header into a response.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23326", }, { category: "external", summary: "RHBZ#2259228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2259228", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23326", url: "https://www.cve.org/CVERecord?id=CVE-2024-23326", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23326", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23326", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c", }, ], release_date: "2024-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode", }, { acknowledgments: [ { names: [ "Bartek Nowotarski", ], organization: "nowotarski.info", }, ], cve: "CVE-2024-30255", cwe: { id: "CWE-390", name: "Detection of Error Condition Without Action", }, discovery_date: "2024-04-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272986", }, ], notes: [ { category: "description", text: "A vulnerability was found in how Envoy Proxy implements the HTTP/2 codec. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute resources to cause a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream Envoy. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30255", }, { category: "external", summary: "RHBZ#2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30255", url: "https://www.cve.org/CVERecord?id=CVE-2024-30255", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, { category: "external", summary: "https://nowotarski.info/http2-continuation-flood/", url: "https://nowotarski.info/http2-continuation-flood/", }, { category: "external", summary: "https://www.kb.cert.org/vuls/id/421644", url: "https://www.kb.cert.org/vuls/id/421644", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", }, { cve: "CVE-2024-32475", cwe: { id: "CWE-617", name: "Reachable Assertion", }, discovery_date: "2024-04-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2276149", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy, a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with \"auto_sni\" enabled, a request containing a \"host/:authority\" header longer than 255 characters triggers an abnormal termination of the Envoy process, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: abnormal termination when using auto_sni with authority header longer than 255 characters", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32475", }, { category: "external", summary: "RHBZ#2276149", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2276149", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32475", url: "https://www.cve.org/CVERecord?id=CVE-2024-32475", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32475", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32475", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", url: "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", }, ], release_date: "2024-04-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: abnormal termination when using auto_sni with authority header longer than 255 characters", }, { cve: "CVE-2024-32976", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2283145", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy's Brotli decompressor. This flaw allows a remote, unauthenticated attacker to trigger an infinite loop, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Brotli decompressor infinite loop", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32976", }, { category: "external", summary: "RHBZ#2283145", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2283145", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32976", url: "https://www.cve.org/CVERecord?id=CVE-2024-32976", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32976", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32976", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m", }, ], release_date: "2024-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: Brotli decompressor infinite loop", }, { cve: "CVE-2024-43788", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-08-27T17:20:06.890123+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2308193", }, ], notes: [ { category: "description", text: "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.", title: "Vulnerability description", }, { category: "summary", text: "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule", title: "Vulnerability summary", }, { category: "other", text: "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43788", }, { category: "external", summary: "RHBZ#2308193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43788", url: "https://www.cve.org/CVERecord?id=CVE-2024-43788", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43788", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43788", }, { category: "external", summary: "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", url: "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", }, { category: "external", summary: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", url: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", }, { category: "external", summary: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", url: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", }, { category: "external", summary: "https://scnps.co/papers/sp23_domclob.pdf", url: "https://scnps.co/papers/sp23_domclob.pdf", }, ], release_date: "2024-08-27T17:15:07.967000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, { acknowledgments: [ { names: [ "Mike Whale", ], }, { names: [ "James Force", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2024-45806", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, discovery_date: "2024-09-20T00:40:20.976812+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313683", }, ], notes: [ { category: "description", text: "A vulnerability was found in Envoy that allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted such as changing arbitrary x-envoy headers, please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Potential to manipulate `x-envoy` headers from external sources", title: "Vulnerability summary", }, { category: "other", text: "Red Hat's CVSS score and impact are specific to our product and may not match those of upstream. This is due to how envoy is configured and used within our OpenShift Service Mesh product.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45806", }, { category: "external", summary: "RHBZ#2313683", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313683", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45806", url: "https://www.cve.org/CVERecord?id=CVE-2024-45806", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45806", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45806", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf", }, ], release_date: "2024-09-20T00:15:02.293000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "This flaw can be mitigated by configuring envoy to treat all IPs as external. This is done by setting the internal_address_config range for envoy to `0.0.0.0/32`.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Potential to manipulate `x-envoy` headers from external sources", }, ], }
rhsa-2024:7725
Vulnerability from csaf_redhat
Published
2024-10-07 09:24
Modified
2025-04-25 01:43
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.5
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.5.5
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule
(CVE-2024-43788)
* envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode (CVE-2024-23326)
* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)
* envoy: Brotli decompressor infinite loop (CVE-2024-32976)
* envoy: abnormal termination when using auto_sni with authority header longer
than 255 characters (CVE-2024-32475)
* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)
* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh Containers for 2.5.5\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)\n* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule\n(CVE-2024-43788)\n* envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode (CVE-2024-23326)\n* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)\n* envoy: Brotli decompressor infinite loop (CVE-2024-32976)\n* envoy: abnormal termination when using auto_sni with authority header longer\nthan 255 characters (CVE-2024-32475)\n* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)\n* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7725", url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2259228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2259228", }, { category: "external", summary: "2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "external", summary: "2276149", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2276149", }, { category: "external", summary: "2283145", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2283145", }, { category: "external", summary: "2308193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308193", }, { category: "external", summary: "2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "2313683", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313683", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7725.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.5", tracking: { current_release_date: "2025-04-25T01:43:11+00:00", generator: { date: "2025-04-25T01:43:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:7725", initial_release_date: "2024-10-07T09:24:53+00:00", revision_history: [ { date: "2024-10-07T09:24:53+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-07T09:24:53+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-25T01:43:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.5 for RHEL 8", product: { name: "RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.5::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", product_id: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, ], }, vulnerabilities: [ { cve: "CVE-2024-23326", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2024-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2259228", }, ], notes: [ { category: "description", text: "A possible request smuggling vulnerability exists through Envoy. This issue occurs if a server can be tricked into adding an upgrade header into a response.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23326", }, { category: "external", summary: "RHBZ#2259228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2259228", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23326", url: "https://www.cve.org/CVERecord?id=CVE-2024-23326", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23326", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23326", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c", }, ], release_date: "2024-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode", }, { acknowledgments: [ { names: [ "Bartek Nowotarski", ], organization: "nowotarski.info", }, ], cve: "CVE-2024-30255", cwe: { id: "CWE-390", name: "Detection of Error Condition Without Action", }, discovery_date: "2024-04-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272986", }, ], notes: [ { category: "description", text: "A vulnerability was found in how Envoy Proxy implements the HTTP/2 codec. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute resources to cause a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream Envoy. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30255", }, { category: "external", summary: "RHBZ#2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30255", url: "https://www.cve.org/CVERecord?id=CVE-2024-30255", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, { category: "external", summary: "https://nowotarski.info/http2-continuation-flood/", url: "https://nowotarski.info/http2-continuation-flood/", }, { category: "external", summary: "https://www.kb.cert.org/vuls/id/421644", url: "https://www.kb.cert.org/vuls/id/421644", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", }, { cve: "CVE-2024-32475", cwe: { id: "CWE-617", name: "Reachable Assertion", }, discovery_date: "2024-04-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2276149", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy, a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with \"auto_sni\" enabled, a request containing a \"host/:authority\" header longer than 255 characters triggers an abnormal termination of the Envoy process, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: abnormal termination when using auto_sni with authority header longer than 255 characters", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32475", }, { category: "external", summary: "RHBZ#2276149", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2276149", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32475", url: "https://www.cve.org/CVERecord?id=CVE-2024-32475", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32475", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32475", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", url: "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", }, ], release_date: "2024-04-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: abnormal termination when using auto_sni with authority header longer than 255 characters", }, { cve: "CVE-2024-32976", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2283145", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy's Brotli decompressor. This flaw allows a remote, unauthenticated attacker to trigger an infinite loop, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Brotli decompressor infinite loop", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32976", }, { category: "external", summary: "RHBZ#2283145", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2283145", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32976", url: "https://www.cve.org/CVERecord?id=CVE-2024-32976", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32976", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32976", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m", }, ], release_date: "2024-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: Brotli decompressor infinite loop", }, { cve: "CVE-2024-43788", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-08-27T17:20:06.890123+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2308193", }, ], notes: [ { category: "description", text: "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.", title: "Vulnerability description", }, { category: "summary", text: "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule", title: "Vulnerability summary", }, { category: "other", text: "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43788", }, { category: "external", summary: "RHBZ#2308193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43788", url: "https://www.cve.org/CVERecord?id=CVE-2024-43788", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43788", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43788", }, { category: "external", summary: "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", url: "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", }, { category: "external", summary: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", url: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", }, { category: "external", summary: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", url: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", }, { category: "external", summary: "https://scnps.co/papers/sp23_domclob.pdf", url: "https://scnps.co/papers/sp23_domclob.pdf", }, ], release_date: "2024-08-27T17:15:07.967000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, { acknowledgments: [ { names: [ "Mike Whale", ], }, { names: [ "James Force", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2024-45806", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, discovery_date: "2024-09-20T00:40:20.976812+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313683", }, ], notes: [ { category: "description", text: "A vulnerability was found in Envoy that allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted such as changing arbitrary x-envoy headers, please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Potential to manipulate `x-envoy` headers from external sources", title: "Vulnerability summary", }, { category: "other", text: "Red Hat's CVSS score and impact are specific to our product and may not match those of upstream. This is due to how envoy is configured and used within our OpenShift Service Mesh product.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45806", }, { category: "external", summary: "RHBZ#2313683", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313683", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45806", url: "https://www.cve.org/CVERecord?id=CVE-2024-45806", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45806", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45806", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf", }, ], release_date: "2024-09-20T00:15:02.293000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "This flaw can be mitigated by configuring envoy to treat all IPs as external. This is done by setting the internal_address_config range for envoy to `0.0.0.0/32`.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Potential to manipulate `x-envoy` headers from external sources", }, ], }
rhsa-2024_7725
Vulnerability from csaf_redhat
Published
2024-10-07 09:24
Modified
2025-01-06 21:07
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.5
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.5.5
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule
(CVE-2024-43788)
* envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode (CVE-2024-23326)
* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)
* envoy: Brotli decompressor infinite loop (CVE-2024-32976)
* envoy: abnormal termination when using auto_sni with authority header longer
than 255 characters (CVE-2024-32475)
* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)
* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh Containers for 2.5.5\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)\n* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule\n(CVE-2024-43788)\n* envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode (CVE-2024-23326)\n* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)\n* envoy: Brotli decompressor infinite loop (CVE-2024-32976)\n* envoy: abnormal termination when using auto_sni with authority header longer\nthan 255 characters (CVE-2024-32475)\n* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)\n* envoy: Potential to manipulate `x-envoy` headers from external sources (CVE-2024-45806)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7725", url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2259228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2259228", }, { category: "external", summary: "2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "external", summary: "2276149", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2276149", }, { category: "external", summary: "2283145", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2283145", }, { category: "external", summary: "2308193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308193", }, { category: "external", summary: "2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "2313683", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313683", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7725.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.5", tracking: { current_release_date: "2025-01-06T21:07:01+00:00", generator: { date: "2025-01-06T21:07:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:7725", initial_release_date: "2024-10-07T09:24:53+00:00", revision_history: [ { date: "2024-10-07T09:24:53+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-07T09:24:53+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T21:07:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.5 for RHEL 8", product: { name: "RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.5::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", product_id: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.73.14-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.5.5-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.73.15-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.5.5-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.5.5-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.5.5-3", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", relates_to_product_reference: "8Base-RHOSSM-2.5", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64 as a component of RHOSSM 2.5 for RHEL 8", product_id: "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", relates_to_product_reference: "8Base-RHOSSM-2.5", }, ], }, vulnerabilities: [ { cve: "CVE-2024-23326", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2024-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2259228", }, ], notes: [ { category: "description", text: "A possible request smuggling vulnerability exists through Envoy. This issue occurs if a server can be tricked into adding an upgrade header into a response.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23326", }, { category: "external", summary: "RHBZ#2259228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2259228", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23326", url: "https://www.cve.org/CVERecord?id=CVE-2024-23326", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23326", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23326", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c", }, ], release_date: "2024-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode", }, { acknowledgments: [ { names: [ "Bartek Nowotarski", ], organization: "nowotarski.info", }, ], cve: "CVE-2024-30255", cwe: { id: "CWE-390", name: "Detection of Error Condition Without Action", }, discovery_date: "2024-04-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272986", }, ], notes: [ { category: "description", text: "A vulnerability was found in how Envoy Proxy implements the HTTP/2 codec. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute resources to cause a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream Envoy. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30255", }, { category: "external", summary: "RHBZ#2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30255", url: "https://www.cve.org/CVERecord?id=CVE-2024-30255", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, { category: "external", summary: "https://nowotarski.info/http2-continuation-flood/", url: "https://nowotarski.info/http2-continuation-flood/", }, { category: "external", summary: "https://www.kb.cert.org/vuls/id/421644", url: "https://www.kb.cert.org/vuls/id/421644", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", }, { cve: "CVE-2024-32475", cwe: { id: "CWE-617", name: "Reachable Assertion", }, discovery_date: "2024-04-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2276149", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy, a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with \"auto_sni\" enabled, a request containing a \"host/:authority\" header longer than 255 characters triggers an abnormal termination of the Envoy process, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: abnormal termination when using auto_sni with authority header longer than 255 characters", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32475", }, { category: "external", summary: "RHBZ#2276149", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2276149", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32475", url: "https://www.cve.org/CVERecord?id=CVE-2024-32475", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32475", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32475", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", url: "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", }, ], release_date: "2024-04-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: abnormal termination when using auto_sni with authority header longer than 255 characters", }, { cve: "CVE-2024-32976", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2283145", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy's Brotli decompressor. This flaw allows a remote, unauthenticated attacker to trigger an infinite loop, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Brotli decompressor infinite loop", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32976", }, { category: "external", summary: "RHBZ#2283145", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2283145", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32976", url: "https://www.cve.org/CVERecord?id=CVE-2024-32976", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32976", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32976", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m", }, ], release_date: "2024-06-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: Brotli decompressor infinite loop", }, { cve: "CVE-2024-43788", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-08-27T17:20:06.890123+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2308193", }, ], notes: [ { category: "description", text: "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.", title: "Vulnerability description", }, { category: "summary", text: "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule", title: "Vulnerability summary", }, { category: "other", text: "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43788", }, { category: "external", summary: "RHBZ#2308193", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308193", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43788", url: "https://www.cve.org/CVERecord?id=CVE-2024-43788", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43788", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43788", }, { category: "external", summary: "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", url: "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", }, { category: "external", summary: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", url: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", }, { category: "external", summary: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", url: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", }, { category: "external", summary: "https://scnps.co/papers/sp23_domclob.pdf", url: "https://scnps.co/papers/sp23_domclob.pdf", }, ], release_date: "2024-08-27T17:15:07.967000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, { acknowledgments: [ { names: [ "Mike Whale", ], }, { names: [ "James Force", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2024-45806", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, discovery_date: "2024-09-20T00:40:20.976812+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313683", }, ], notes: [ { category: "description", text: "A vulnerability was found in Envoy that allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted such as changing arbitrary x-envoy headers, please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Potential to manipulate `x-envoy` headers from external sources", title: "Vulnerability summary", }, { category: "other", text: "Red Hat's CVSS score and impact are specific to our product and may not match those of upstream. This is due to how envoy is configured and used within our OpenShift Service Mesh product.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45806", }, { category: "external", summary: "RHBZ#2313683", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313683", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45806", url: "https://www.cve.org/CVERecord?id=CVE-2024-45806", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45806", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45806", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf", }, ], release_date: "2024-09-20T00:15:02.293000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-07T09:24:53+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7725", }, { category: "workaround", details: "This flaw can be mitigated by configuring envoy to treat all IPs as external. This is done by setting the internal_address_config range for envoy to `0.0.0.0/32`.", product_ids: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:807b8705bdd289e7c538dad646cdb00619b60a547faabfc4462beb3669c9593b_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:c03cbaf1d6e8abd5f43bfa059359bd3da0e5ae0a5b4434f3d56eedceb238761c_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:f18469f64f1c87b3e9186db6a955f0063197d45781a570a31102ae0d23fff5b8_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:fdbac779cb1568b0eb9bc7a8f194a446583b08fa68f7d5f1dcd3ba31d4e2c14f_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:2784045844231bcd2212f84d0ae05aace9b8e0fe31ce5c3a49c1e865d9b6f7b4_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:40c8bfb02b7078d04f115fcd4894cc4f4b452f1e192afac3fe2db2f9249eca42_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:58dc105a4b89b8eed3892f577595577f3972431e81636609218bd87d300ec662_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:aee0aa13cd55c4dbebde559f90123c575a222bff48cef4a29d57efcca3ec3831_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:0e4a75f9a16266a79814f42f1ac475fe426b6720c52daa98df594a979a1e727d_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:597475e28f081bd14755ca909fceb2dd1c01c6a3d1b7e1b6f89739c1206c7f9b_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:913b90b39c5f78b328c202630f43f41daa8ba1e132411679a1dc655f3992b265_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:a14488ddf9859b13676abb82bbc9925e3b65baedbeff46657c4754c9486e14d9_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:013dda8dba6f8aab89e4a10e4289362751dd14d01704604199ba36c29316c10c_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:b17bed92b891131e3bed248ff4fa8329e6802cbcc6b07aac240cf8f95e6fa48b_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce420c9b076a15d91c9e62000d4129911d54db27a4c91913e384eb284557edae_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:dea5fd5d8ce03c54d40301ca4dd2ba23a9f61f9edbfa8565ff0ccb369b811e55_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:31242f9c6c8bf429d4b11ca458b83a2931c95e6032676b76948e84acfd1f4ace_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:4f1bf796330b85789da7622a41da8dfba144121864936f5a978a789f31471805_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:9c52215736668ee145e505fafb22e1feec36cb526168a9268d3bb2e3d236a2b8_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:d8ba5cb7d2e2ecfbf226ee7b880c750a8006b3648f4bd9eace3b3bfa60aa98a2_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:5ceb0e239b8fb78edbb3f18ad522bbde2dc949b0847200c9a8a601631dc00301_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:c20112f355c939e97a44229056277da2ce68511ed65bd19868707efd89444dbb_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:cea91c8c067cdfd4a321895eaef62fa914a65a204e687e59cb9d8f3f03cbd2cd_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:eebb1aef0d32db79f88ea74caeefbd13aa00a2cd39726f7b9996f0a381fdd5fa_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:203fa7f4d917e0bad625691aaa9a060a902995d4a905c04514d907fd11858e79_arm64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:95f289d7a5fb1c6e6dc1eb424605bbcab484ea39222bdb4f86bf8932fdaa0bd2_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c922a8a50ed805f36822a1e5906c31c41123070f589177a7e95934c94c29befc_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:c93cc0a574fe8d4c8af5fae3955497a09aa718494cae342da881ed43aafad35a_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:39271db703a21bf1dd5013d21b991119a7c576c3e9b9d057bdae3d38d84c8679_ppc64le", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:566e4e1b3973d75f13f6efeea02bacc6f687b3ec72a09ca94bab6f37a73a4c60_amd64", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:98e2b3ad04539728d36ace3eae0816582a930388a6a5903a9175110aa1ee1e83_s390x", "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:b1825622263dd1065be939d18d163bc8ba1b0c53158bc7805cc36507c44f830b_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Potential to manipulate `x-envoy` headers from external sources", }, ], }
rhsa-2024:4520
Vulnerability from csaf_redhat
Published
2024-07-11 17:32
Modified
2025-04-23 07:29
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.7.16 is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "The Migration Toolkit for Containers (MTC) 1.7.16 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n\n* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)\n\n* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)\n\n* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4520", url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "2268021", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", }, { category: "external", summary: "2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4520.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update", tracking: { current_release_date: "2025-04-23T07:29:43+00:00", generator: { date: "2025-04-23T07:29:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:4520", initial_release_date: "2024-07-11T17:32:34+00:00", revision_history: [ { date: "2024-07-11T17:32:34+00:00", number: "1", summary: "Initial version", }, { date: "2024-07-11T17:32:34+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-23T07:29:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "8Base-RHMTC-1.7", product: { name: "8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7", product_identification_helper: { cpe: "cpe:/a:redhat:rhmt:1.7::el8", }, }, }, ], category: "product_family", name: "Red Hat Migration Toolkit", }, { branches: [ { category: "product_version", name: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", product: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", product_id: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8&tag=v1.7.16-4", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", product: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", product_id: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", product: { name: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", product_id: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator&tag=v1.7.16-7", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", product: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", product_id: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", product: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", product_id: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", product: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", product_id: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", product: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", product_id: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", product: { name: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", product_id: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle&tag=v1.7.16-7", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", product: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", product_id: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", product: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", product_id: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", product: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", product_id: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", product: { name: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", product_id: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8&tag=v1.7.16-4", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", product: { name: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", product_id: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8&tag=v1.7.16-4", }, }, }, { category: "product_version", name: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", product: { name: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", product_id: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", product_identification_helper: { purl: "pkg:oci/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8&tag=v1.7.16-5", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", }, product_reference: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", }, product_reference: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", }, product_reference: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", }, product_reference: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", }, product_reference: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", }, product_reference: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", }, product_reference: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", }, product_reference: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", }, product_reference: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", }, product_reference: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", }, product_reference: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", }, product_reference: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", }, product_reference: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", }, product_reference: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, ], }, vulnerabilities: [ { cve: "CVE-2023-45290", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268017", }, ], notes: [ { category: "description", text: "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45290", }, { category: "external", summary: "RHBZ#2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45290", url: "https://www.cve.org/CVERecord?id=CVE-2023-45290", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://go.dev/cl/569341", url: "https://go.dev/cl/569341", }, { category: "external", summary: "https://go.dev/issue/65383", url: "https://go.dev/issue/65383", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2599", url: "https://pkg.go.dev/vuln/GO-2024-2599", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0004", url: "https://security.netapp.com/advisory/ntap-20240329-0004", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", }, { cve: "CVE-2024-24783", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268019", }, ], notes: [ { category: "description", text: "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24783", }, { category: "external", summary: "RHBZ#2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24783", url: "https://www.cve.org/CVERecord?id=CVE-2024-24783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", url: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", }, { category: "external", summary: "https://go.dev/cl/569339", url: "https://go.dev/cl/569339", }, { category: "external", summary: "https://go.dev/issue/65390", url: "https://go.dev/issue/65390", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2598", url: "https://pkg.go.dev/vuln/GO-2024-2598", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0005", url: "https://security.netapp.com/advisory/ntap-20240329-0005", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", }, { cve: "CVE-2024-24784", cwe: { id: "CWE-115", name: "Misinterpretation of Input", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268021", }, ], notes: [ { category: "description", text: "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/mail: comments in display names are incorrectly handled", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24784", }, { category: "external", summary: "RHBZ#2268021", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24784", url: "https://www.cve.org/CVERecord?id=CVE-2024-24784", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/mail: comments in display names are incorrectly handled", }, { cve: "CVE-2024-24785", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268022", }, ], notes: [ { category: "description", text: "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24785", }, { category: "external", summary: "RHBZ#2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24785", url: "https://www.cve.org/CVERecord?id=CVE-2024-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", }, { category: "external", summary: "https://go.dev/cl/564196", url: "https://go.dev/cl/564196", }, { category: "external", summary: "https://go.dev/issue/65697", url: "https://go.dev/issue/65697", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2024-2610.json", url: "https://vuln.go.dev/ID/GO-2024-2610.json", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, { acknowledgments: [ { names: [ "Bartek Nowotarski", ], organization: "nowotarski.info", }, ], cve: "CVE-2024-30255", cwe: { id: "CWE-390", name: "Detection of Error Condition Without Action", }, discovery_date: "2024-04-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272986", }, ], notes: [ { category: "description", text: "A vulnerability was found in how Envoy Proxy implements the HTTP/2 codec. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute resources to cause a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream Envoy. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30255", }, { category: "external", summary: "RHBZ#2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30255", url: "https://www.cve.org/CVERecord?id=CVE-2024-30255", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, { category: "external", summary: "https://nowotarski.info/http2-continuation-flood/", url: "https://nowotarski.info/http2-continuation-flood/", }, { category: "external", summary: "https://www.kb.cert.org/vuls/id/421644", url: "https://www.kb.cert.org/vuls/id/421644", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", }, ], }
rhsa-2024_4520
Vulnerability from csaf_redhat
Published
2024-07-11 17:32
Modified
2025-01-06 21:06
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.7.16 is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "The Migration Toolkit for Containers (MTC) 1.7.16 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n\n* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)\n\n* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)\n\n* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4520", url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "2268021", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", }, { category: "external", summary: "2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4520.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update", tracking: { current_release_date: "2025-01-06T21:06:50+00:00", generator: { date: "2025-01-06T21:06:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:4520", initial_release_date: "2024-07-11T17:32:34+00:00", revision_history: [ { date: "2024-07-11T17:32:34+00:00", number: "1", summary: "Initial version", }, { date: "2024-07-11T17:32:34+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T21:06:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "8Base-RHMTC-1.7", product: { name: "8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7", product_identification_helper: { cpe: "cpe:/a:redhat:rhmt:1.7::el8", }, }, }, ], category: "product_family", name: "Red Hat Migration Toolkit", }, { branches: [ { category: "product_version", name: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", product: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", product_id: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8&tag=v1.7.16-4", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", product: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", product_id: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", product: { name: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", product_id: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator&tag=v1.7.16-7", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", product: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", product_id: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", product: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", product_id: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", product: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", product_id: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", product: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", product_id: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", product: { name: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", product_id: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle&tag=v1.7.16-7", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", product: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", product_id: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", product: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", product_id: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", product: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", product_id: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", product: { name: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", product_id: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8&tag=v1.7.16-4", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", product: { name: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", product_id: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8&tag=v1.7.16-4", }, }, }, { category: "product_version", name: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", product: { name: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", product_id: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", product_identification_helper: { purl: "pkg:oci/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8&tag=v1.7.16-5", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", }, product_reference: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", }, product_reference: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", }, product_reference: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", }, product_reference: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", }, product_reference: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", }, product_reference: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", }, product_reference: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", }, product_reference: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", }, product_reference: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", }, product_reference: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", }, product_reference: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", }, product_reference: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", }, product_reference: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", }, product_reference: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, ], }, vulnerabilities: [ { cve: "CVE-2023-45290", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268017", }, ], notes: [ { category: "description", text: "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45290", }, { category: "external", summary: "RHBZ#2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45290", url: "https://www.cve.org/CVERecord?id=CVE-2023-45290", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://go.dev/cl/569341", url: "https://go.dev/cl/569341", }, { category: "external", summary: "https://go.dev/issue/65383", url: "https://go.dev/issue/65383", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2599", url: "https://pkg.go.dev/vuln/GO-2024-2599", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0004", url: "https://security.netapp.com/advisory/ntap-20240329-0004", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", }, { cve: "CVE-2024-24783", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268019", }, ], notes: [ { category: "description", text: "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24783", }, { category: "external", summary: "RHBZ#2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24783", url: "https://www.cve.org/CVERecord?id=CVE-2024-24783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", url: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", }, { category: "external", summary: "https://go.dev/cl/569339", url: "https://go.dev/cl/569339", }, { category: "external", summary: "https://go.dev/issue/65390", url: "https://go.dev/issue/65390", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2598", url: "https://pkg.go.dev/vuln/GO-2024-2598", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0005", url: "https://security.netapp.com/advisory/ntap-20240329-0005", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", }, { cve: "CVE-2024-24784", cwe: { id: "CWE-115", name: "Misinterpretation of Input", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268021", }, ], notes: [ { category: "description", text: "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/mail: comments in display names are incorrectly handled", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24784", }, { category: "external", summary: "RHBZ#2268021", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24784", url: "https://www.cve.org/CVERecord?id=CVE-2024-24784", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/mail: comments in display names are incorrectly handled", }, { cve: "CVE-2024-24785", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268022", }, ], notes: [ { category: "description", text: "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24785", }, { category: "external", summary: "RHBZ#2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24785", url: "https://www.cve.org/CVERecord?id=CVE-2024-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", }, { category: "external", summary: "https://go.dev/cl/564196", url: "https://go.dev/cl/564196", }, { category: "external", summary: "https://go.dev/issue/65697", url: "https://go.dev/issue/65697", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2024-2610.json", url: "https://vuln.go.dev/ID/GO-2024-2610.json", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, { acknowledgments: [ { names: [ "Bartek Nowotarski", ], organization: "nowotarski.info", }, ], cve: "CVE-2024-30255", cwe: { id: "CWE-390", name: "Detection of Error Condition Without Action", }, discovery_date: "2024-04-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272986", }, ], notes: [ { category: "description", text: "A vulnerability was found in how Envoy Proxy implements the HTTP/2 codec. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute resources to cause a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream Envoy. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30255", }, { category: "external", summary: "RHBZ#2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30255", url: "https://www.cve.org/CVERecord?id=CVE-2024-30255", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, { category: "external", summary: "https://nowotarski.info/http2-continuation-flood/", url: "https://nowotarski.info/http2-continuation-flood/", }, { category: "external", summary: "https://www.kb.cert.org/vuls/id/421644", url: "https://www.kb.cert.org/vuls/id/421644", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", }, ], }
RHSA-2024:4520
Vulnerability from csaf_redhat
Published
2024-07-11 17:32
Modified
2025-04-23 07:29
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.7.16 is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "The Migration Toolkit for Containers (MTC) 1.7.16 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n\n* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)\n\n* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)\n\n* envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood (CVE-2024-30255)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4520", url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "2268021", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", }, { category: "external", summary: "2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4520.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update", tracking: { current_release_date: "2025-04-23T07:29:43+00:00", generator: { date: "2025-04-23T07:29:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:4520", initial_release_date: "2024-07-11T17:32:34+00:00", revision_history: [ { date: "2024-07-11T17:32:34+00:00", number: "1", summary: "Initial version", }, { date: "2024-07-11T17:32:34+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-23T07:29:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "8Base-RHMTC-1.7", product: { name: "8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7", product_identification_helper: { cpe: "cpe:/a:redhat:rhmt:1.7::el8", }, }, }, ], category: "product_family", name: "Red Hat Migration Toolkit", }, { branches: [ { category: "product_version", name: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", product: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", product_id: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8&tag=v1.7.16-4", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", product: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", product_id: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", product: { name: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", product_id: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator&tag=v1.7.16-7", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", product: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", product_id: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", product: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", product_id: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", product: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", product_id: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", product: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", product_id: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", product: { name: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", product_id: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle&tag=v1.7.16-7", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", product: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", product_id: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", product: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", product_id: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", product: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", product_id: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", product: { name: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", product_id: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8&tag=v1.7.16-4", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8&tag=v1.7.16-6", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8&tag=v1.7.16-5", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", product: { name: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", product_id: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8&tag=v1.7.16-4", }, }, }, { category: "product_version", name: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", product: { name: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", product_id: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", product_identification_helper: { purl: "pkg:oci/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8&tag=v1.7.16-5", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", }, product_reference: "rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", }, product_reference: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", }, product_reference: "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", }, product_reference: "rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", }, product_reference: "rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", }, product_reference: "rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", }, product_reference: "rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", }, product_reference: "rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", }, product_reference: "rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", }, product_reference: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", }, product_reference: "rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", }, product_reference: "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", }, product_reference: "rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64 as a component of 8Base-RHMTC-1.7", product_id: "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", }, product_reference: "rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", relates_to_product_reference: "8Base-RHMTC-1.7", }, ], }, vulnerabilities: [ { cve: "CVE-2023-45290", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268017", }, ], notes: [ { category: "description", text: "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45290", }, { category: "external", summary: "RHBZ#2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45290", url: "https://www.cve.org/CVERecord?id=CVE-2023-45290", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://go.dev/cl/569341", url: "https://go.dev/cl/569341", }, { category: "external", summary: "https://go.dev/issue/65383", url: "https://go.dev/issue/65383", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2599", url: "https://pkg.go.dev/vuln/GO-2024-2599", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0004", url: "https://security.netapp.com/advisory/ntap-20240329-0004", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", }, { cve: "CVE-2024-24783", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268019", }, ], notes: [ { category: "description", text: "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24783", }, { category: "external", summary: "RHBZ#2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24783", url: "https://www.cve.org/CVERecord?id=CVE-2024-24783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", url: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", }, { category: "external", summary: "https://go.dev/cl/569339", url: "https://go.dev/cl/569339", }, { category: "external", summary: "https://go.dev/issue/65390", url: "https://go.dev/issue/65390", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2598", url: "https://pkg.go.dev/vuln/GO-2024-2598", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0005", url: "https://security.netapp.com/advisory/ntap-20240329-0005", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", }, { cve: "CVE-2024-24784", cwe: { id: "CWE-115", name: "Misinterpretation of Input", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268021", }, ], notes: [ { category: "description", text: "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/mail: comments in display names are incorrectly handled", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24784", }, { category: "external", summary: "RHBZ#2268021", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24784", url: "https://www.cve.org/CVERecord?id=CVE-2024-24784", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/mail: comments in display names are incorrectly handled", }, { cve: "CVE-2024-24785", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268022", }, ], notes: [ { category: "description", text: "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24785", }, { category: "external", summary: "RHBZ#2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24785", url: "https://www.cve.org/CVERecord?id=CVE-2024-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", }, { category: "external", summary: "https://go.dev/cl/564196", url: "https://go.dev/cl/564196", }, { category: "external", summary: "https://go.dev/issue/65697", url: "https://go.dev/issue/65697", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2024-2610.json", url: "https://vuln.go.dev/ID/GO-2024-2610.json", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, { acknowledgments: [ { names: [ "Bartek Nowotarski", ], organization: "nowotarski.info", }, ], cve: "CVE-2024-30255", cwe: { id: "CWE-390", name: "Detection of Error Condition Without Action", }, discovery_date: "2024-04-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272986", }, ], notes: [ { category: "description", text: "A vulnerability was found in how Envoy Proxy implements the HTTP/2 codec. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute resources to cause a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream Envoy. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", ], known_not_affected: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30255", }, { category: "external", summary: "RHBZ#2272986", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272986", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30255", url: "https://www.cve.org/CVERecord?id=CVE-2024-30255", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30255", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, { category: "external", summary: "https://nowotarski.info/http2-continuation-flood/", url: "https://nowotarski.info/http2-continuation-flood/", }, { category: "external", summary: "https://www.kb.cert.org/vuls/id/421644", url: "https://www.kb.cert.org/vuls/id/421644", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-11T17:32:34+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4520", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:a5620a35a89b38cc9f8ef6147efe40b9a62d5f8d961968e81e4b84e0f6337c94_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:56eae69c12cf1c7f1c7fd64a938c669bdc50dd353f733f1971c35d0b9ef56e48_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:434e8a6dae031c7aa99728e1f2d9bbaae6bd8ff64d6e06c3597a8f14e6590c03_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:97399e762ce9744f026eb2cf6366b5f286e4a92b32db30b79787901eb580fbf4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:652082a93de2fc55d5046e1b0d04fe034459b60b0549bb75c15a9972c96ae68f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:3e7567bd91be37295cc85532dd304cebd37828ddf5b88a511f9e4ad101ec7349_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:4de0188e7e57ab94a125c454e0be15ff701e7f5c52660c357386cc303feb70e8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:ea7d70b11eb094a586b40e16b91a3003c1dc57ae80ac9e298e0971460e095f08_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:da6b96d2e936f2c8c14b5e7273623c1872d86ce67698e7494c74adb8fdfcee57_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:e95991a0d2c516ac5c8fcc1b741b3d3b30adb16ed9656079454d0b4103311480_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:c392763d7f67dcef77b013b0fc977c3854b44dc33e6737e3608c62ce565c1f68_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:399d46d5b2aef2f8ce82943164362d8946c87876be14437198df877c007e2f12_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:4a69ad5f28081c0ca8d11081af1b0751e7ca24457e879941cffc6ef0587d2b28_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:395d982a9939f0dc24d713e15f42b72811b2a68d97f8a20e69ae0fda931f1c46_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6b9712b1c36920b9c1f1824f7b1520a05fdf110040295660ebbab0d17601bb0d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:5a773ec0f63de6bc1d340ad3a322f9e61eec39922de6c078df0560705455695e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:46827d5f7d1e6ff68eb9ef4d5efd6478d531a0b2b5d4ab4169485ddb43e69b06_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood", }, ], }
gsd-2024-30255
Vulnerability from gsd
Modified
2024-04-03 05:02
Details
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.
Aliases
{ gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2024-30255", ], details: "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.", id: "GSD-2024-30255", modified: "2024-04-03T05:02:29.110738Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2024-30255", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "envoy", version: { version_data: [ { version_affected: "=", version_value: ">= 1.29.0, < 1.29.3", }, { version_affected: "=", version_value: ">= 1.28.0, < 1.28.2", }, { version_affected: "=", version_value: ">= 1.27.0, < 1.27.4", }, { version_affected: "=", version_value: "< 1.26.8", }, ], }, }, ], }, vendor_name: "envoyproxy", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.", }, ], }, impact: { cvss: [ { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-390", lang: "eng", value: "CWE-390: Detection of Error Condition Without Action", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", refsource: "MISC", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, ], }, source: { advisory: "GHSA-j654-3ccm-vfmm", discovery: "UNKNOWN", }, }, "nvd.nist.gov": { cve: { descriptions: [ { lang: "en", value: "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.", }, { lang: "es", value: "Envoy es un proxy de servicio y borde de código abierto, nativo de la nube. La pila de protocolos HTTP/2 en las versiones de Envoy anteriores a 1.29.3, 1.28.2, 1.27.4 y 1.26.8 son vulnerables al agotamiento de la CPU debido a la inundación de tramas de CONTINUACIÓN. El códec HTTP/2 de Envoy permite al cliente enviar un número ilimitado de tramas de CONTINUACIÓN incluso después de exceder los límites del mapa de encabezado de Envoy. Esto permite a un atacante enviar una secuencia de tramas CONTINUATION sin que el bit END_HEADERS esté configurado causando la utilización de la CPU, consumiendo aproximadamente 1 núcleo por cada 300 Mbit/s de tráfico y culminando en una denegación de servicio por agotamiento de la CPU. Los usuarios deben actualizar a la versión 1.29.3, 1.28.2, 1.27.4 o 1.26.8 para mitigar los efectos de la inundación de CONTINUACIÓN. Como workaround, deshabilite el protocolo HTTP/2 para conexiones descendentes.", }, ], id: "CVE-2024-30255", lastModified: "2024-04-05T12:40:52.763", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2024-04-04T20:15:08.983", references: [ { source: "security-advisories@github.com", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-390", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }, }, }, }
fkie_cve-2024-30255
Vulnerability from fkie_nvd
Published
2024-04-04 20:15
Modified
2024-11-21 09:11
Severity ?
Summary
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.", }, { lang: "es", value: "Envoy es un proxy de servicio y borde de código abierto, nativo de la nube. La pila de protocolos HTTP/2 en las versiones de Envoy anteriores a 1.29.3, 1.28.2, 1.27.4 y 1.26.8 son vulnerables al agotamiento de la CPU debido a la inundación de tramas de CONTINUACIÓN. El códec HTTP/2 de Envoy permite al cliente enviar un número ilimitado de tramas de CONTINUACIÓN incluso después de exceder los límites del mapa de encabezado de Envoy. Esto permite a un atacante enviar una secuencia de tramas CONTINUATION sin que el bit END_HEADERS esté configurado causando la utilización de la CPU, consumiendo aproximadamente 1 núcleo por cada 300 Mbit/s de tráfico y culminando en una denegación de servicio por agotamiento de la CPU. Los usuarios deben actualizar a la versión 1.29.3, 1.28.2, 1.27.4 o 1.26.8 para mitigar los efectos de la inundación de CONTINUACIÓN. Como workaround, deshabilite el protocolo HTTP/2 para conexiones descendentes.", }, ], id: "CVE-2024-30255", lastModified: "2024-11-21T09:11:33.297", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2024-04-04T20:15:08.983", references: [ { source: "security-advisories@github.com", url: "http://www.openwall.com/lists/oss-security/2024/04/03/16", }, { source: "security-advisories@github.com", url: "http://www.openwall.com/lists/oss-security/2024/04/05/3", }, { source: "security-advisories@github.com", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/04/03/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/04/05/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-390", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.