Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-48387 (GCVE-0-2025-48387)
Vulnerability from cvelistv5
Published
2025-06-02 19:20
Modified
2025-11-03 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T02:03:18.780964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:44:57.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:04:45.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tar-fs",
"vendor": "mafintosh",
"versions": [
{
"status": "affected",
"version": "\u003c 1.16.5"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.1.3"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T19:26:29.851Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v"
},
{
"name": "https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w"
},
{
"name": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f"
}
],
"source": {
"advisory": "GHSA-8cj5-5rvv-wf4v",
"discovery": "UNKNOWN"
},
"title": "tar-fs has issue where extract can write outside the specified dir with a specific tarball"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48387",
"datePublished": "2025-06-02T19:20:18.220Z",
"dateReserved": "2025-05-19T15:46:00.397Z",
"dateUpdated": "2025-11-03T20:04:45.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-48387\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-02T20:15:22.930\",\"lastModified\":\"2025-11-03T20:19:06.267\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.\"},{\"lang\":\"es\",\"value\":\"tar-fs proporciona enlaces de sistema de archivos para tar-stream. Las versiones anteriores a 3.0.9, 2.1.3 y 1.16.5 presentan un problema que permite que un extracto escriba fuera del directorio especificado con un archivo tar espec\u00edfico. Esto se ha corregido en las versiones 3.0.9, 2.1.3 y 1.16.5. Como workaround, utilice la opci\u00f3n ignorar para ignorar archivos o directorios que no sean archivos.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:04:45.253Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48387\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-03T02:03:18.780964Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-03T02:03:30.814Z\"}}], \"cna\": {\"title\": \"tar-fs has issue where extract can write outside the specified dir with a specific tarball\", \"source\": {\"advisory\": \"GHSA-8cj5-5rvv-wf4v\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"mafintosh\", \"product\": \"tar-fs\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.16.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.0.0, \u003c 2.1.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.0.0, \u003c 3.0.9\"}]}], \"references\": [{\"url\": \"https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v\", \"name\": \"https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w\", \"name\": \"https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f\", \"name\": \"https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-14T19:26:29.851Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-48387\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:04:45.253Z\", \"dateReserved\": \"2025-05-19T15:46:00.397Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-06-02T19:20:18.220Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-1025
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une falsification de requêtes côté serveur (SSRF).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Data Center versions antérieures à 11.2.0 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.3.10 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.7.3 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.5.4 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.2.6 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 11.2.0 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 5.12.26 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.3.10 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 11.2.0 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 11.2.0 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.2.6 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 10.0.2 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.26 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 10.1.1 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 5.12.26 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.3.1 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 10.3.10 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.26 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.20 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.4.0 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 10.0.2 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.5.4 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.20 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.4.0 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.3.10 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.3.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.5.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.20",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.5.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.20",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
}
],
"initial_release_date": "2025-11-19T00:00:00",
"last_revision_date": "2025-11-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1025",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101488",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101488"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16435",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16435"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26537",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26537"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101480",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101480"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101486",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101486"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101487",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101487"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101485",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101485"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101479",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101479"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101477",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101477"
}
]
}
CERTFR-2025-AVI-0651
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 14.10.x sans le dernier correctif de sécurité | ||
| IBM | Db2 | Db2 versions 12.1.x antérieures à 12.1.2 | ||
| IBM | QRadar | QRadar Investigation Assistant versions 1.x antérieures à 1.1.0 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 12.10.x sans le dernier correctif de sécurité | ||
| IBM | Cognos Analytics | Cognos Analytics 12.1.x antérieures à 12.1.0 IF2 | ||
| IBM | WebSphere | WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité PH67120 et PH67183 | ||
| IBM | Db2 | Db2 versions 11.1.x antérieures à 11.1.4 FP7 sans le dernier correctif de sécurité temporaire | ||
| IBM | Tivoli | Tivoli System Automation Application Manager 4.1 sans le correctif de sécurité pour WebSphere Application Server 9.0 | ||
| IBM | Cognos Analytics | Cognos Analytics 11.2.x antérieures à 11.2.4 FP6 | ||
| IBM | Db2 | Db2 versions 11.5.x antérieures à 11.5.9 sans le dernier correctif de sécurité temporaire | ||
| IBM | Cognos Analytics | Cognos Analytics 12.0.x antérieures à 12.0.4 FP1 | ||
| IBM | Db2 | Db2 versions 10.5.x antérieures à 10.5 FP11 sans le dernier correctif de sécurité temporaire |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Informix Dynamic Server versions 14.10.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Investigation Assistant versions 1.x ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 12.10.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics\t12.1.x ant\u00e9rieures \u00e0 12.1.0 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 PH67120 et PH67183",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.1.x ant\u00e9rieures \u00e0 11.1.4 FP7 sans le dernier correctif de s\u00e9curit\u00e9 temporaire",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli System Automation Application Manager 4.1 sans le correctif de s\u00e9curit\u00e9 pour WebSphere Application Server 9.0",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics\t11.2.x ant\u00e9rieures \u00e0 11.2.4 FP6",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9 sans le dernier correctif de s\u00e9curit\u00e9 temporaire",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics\t12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 10.5.x ant\u00e9rieures \u00e0 10.5 FP11 sans le dernier correctif de s\u00e9curit\u00e9 temporaire",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-49342",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49342"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2025-30472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-49343",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49343"
},
{
"name": "CVE-2025-47278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47278"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-27607",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27607"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
}
],
"initial_release_date": "2025-08-01T00:00:00",
"last_revision_date": "2025-08-01T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0651",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240941",
"url": "https://www.ibm.com/support/pages/node/7240941"
},
{
"published_at": "2025-07-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240649",
"url": "https://www.ibm.com/support/pages/node/7240649"
},
{
"published_at": "2025-07-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240898",
"url": "https://www.ibm.com/support/pages/node/7240898"
},
{
"published_at": "2025-07-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240775",
"url": "https://www.ibm.com/support/pages/node/7240775"
},
{
"published_at": "2025-07-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240798",
"url": "https://www.ibm.com/support/pages/node/7240798"
},
{
"published_at": "2025-07-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7239462",
"url": "https://www.ibm.com/support/pages/node/7239462"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240952",
"url": "https://www.ibm.com/support/pages/node/7240952"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240940",
"url": "https://www.ibm.com/support/pages/node/7240940"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240946",
"url": "https://www.ibm.com/support/pages/node/7240946"
},
{
"published_at": "2025-07-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240777",
"url": "https://www.ibm.com/support/pages/node/7240777"
},
{
"published_at": "2025-07-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240899",
"url": "https://www.ibm.com/support/pages/node/7240899"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240977",
"url": "https://www.ibm.com/support/pages/node/7240977"
}
]
}
CERTFR-2025-AVI-0896
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.4 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.11.5.0 | ||
| IBM | QRadar | QRadar Investigation Assistant versions antérieures à 1.2.0 | ||
| IBM | WebSphere | WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions antérieures à 1.11.5.0 | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.19 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.15 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.29 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Investigation Assistant versions ant\u00e9rieures \u00e0 1.2.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.19",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.29",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-46548",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46548"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-32082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32082"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2024-6866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6866"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2018-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-49826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49826"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-30474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30474"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-44389",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44389"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6844"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-47278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47278"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-49005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49005"
},
{
"name": "CVE-2025-30218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30218"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2022-31628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31628"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2024-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7598"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6839"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2024-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44906"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
}
],
"initial_release_date": "2025-10-17T00:00:00",
"last_revision_date": "2025-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0896",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247985",
"url": "https://www.ibm.com/support/pages/node/7247985"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247975",
"url": "https://www.ibm.com/support/pages/node/7247975"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247893",
"url": "https://www.ibm.com/support/pages/node/7247893"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248127",
"url": "https://www.ibm.com/support/pages/node/7248127"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248118",
"url": "https://www.ibm.com/support/pages/node/7248118"
}
]
}
rhsa-2025:10992
Vulnerability from csaf_redhat
Published
2025-07-14 19:46
Modified
2025-11-25 10:19
Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.5.3 release.
Notes
Topic
Red Hat Developer Hub 1.5.3 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.5.3 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10992",
"url": "https://access.redhat.com/errata/RHSA-2025:10992"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47273",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48387",
"url": "https://access.redhat.com/security/cve/CVE-2025-48387"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-7702",
"url": "https://issues.redhat.com/browse/RHIDP-7702"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-7793",
"url": "https://issues.redhat.com/browse/RHIDP-7793"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10992.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.5.3 release.",
"tracking": {
"current_release_date": "2025-11-25T10:19:45+00:00",
"generator": {
"date": "2025-11-25T10:19:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:10992",
"initial_release_date": "2025-07-14T19:46:35+00:00",
"revision_history": [
{
"date": "2025-07-14T19:46:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-14T19:46:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-25T10:19:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.5",
"product": {
"name": "Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.5.3-1752159545"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.5.3-1752159639"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.5.3-1752166658"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47273",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-05-17T16:00:41.145177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366982"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn\u0027t expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability \"Moderate\" based on the impact of the damage caused by a successful exploitation and the pre-requisites.\n\n* Exploitation requires that the attacker have limited code execution access to a Python environment where they can trigger the vulnerable PackageIndex.download() function\u2014this might be via a script, plugin, or automated job. Full admin rights aren\u0027t needed but a user with no access at all will be unable to exploit this vulnerability.\n* The vulnerability impacts the integrity of the system within the same security boundary\u2014it does not enable access or compromise across trust boundaries (e.g., from one container to another or from user space to kernel).\n* Successful exploitation only allows the attacker to \"create\" new files. The vulnerability does not provide access to existing files and by an extension to any confidential information. \n* Arbitrary file writes can overwrite critical config files, executables, or scripts. This can lead to persistent code execution, system misconfiguration, or unauthorized behavior, especially in automated environments. While overwriting critical files could theoretically lead to service disruption, the vulnerability in isolation does not inherently cause denial of service. The exploit doesn\u0027t target availability directly, and in many cases, systems may continue running.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation enforces strict path constraints, rejecting directory traversal attempts or unauthorized file access. Runtime environments restrict code execution to predefined privilege levels, preventing escalation from traversal exploits. Configuration settings limit accessible directories and enforce execution boundaries to reduce the influence of user input on file system behavior. Application components are developed and validated against secure coding standards that explicitly prevent path manipulation, further minimizing exploitation risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "RHBZ#2366982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/issues/4946",
"url": "https://github.com/pypa/setuptools/issues/4946"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
}
],
"release_date": "2025-05-17T15:46:11.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T19:46:35+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10992"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
},
{
"cve": "CVE-2025-48387",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-02T20:00:45.526571+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369875"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in tar-fs. This vulnerability allows files to be written outside the intended extraction directory via specially crafted tar archives. The issue arises from insufficient path validation during tarball extraction, potentially enabling path traversal attacks that can overwrite arbitrary files on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: tar-fs has issue where extract can write outside the specified dir with a specific tarball",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in tar-fs is Important not a moderate flaw, primarily due to its ability to bypass directory confinement during tarball extraction. The core issue\u2014path traversal via crafted archive entries\u2014allows attackers to write files outside the intended extraction directory, potentially overwriting system files, configuration files, or injecting malicious scripts into sensitive locations. Unlike moderate flaws that may require specific conditions or user interaction to exploit, this vulnerability can be triggered automatically in server-side environments that extract user-supplied tar files (e.g., CI/CD systems, deployment tools, or file upload handlers). Its exploitation could lead to remote code execution, privilege escalation, or denial of service, depending on the context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48387"
},
{
"category": "external",
"summary": "RHBZ#2369875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48387",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48387"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f",
"url": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v"
}
],
"release_date": "2025-06-02T19:20:18.220000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T19:46:35+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10992"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:1d4c7fa815e480d838f9e375c65e78ef0e851ce093c84483a994673129d4643c_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:5a19032dda9a0f584b41cbe9e729ed23e6003d90ebbb026eb9e7bb9769d4a4e4_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:46c6d246831d26833d5381afd555f36bb52a8cb02fc025c06042983021c20222_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: tar-fs has issue where extract can write outside the specified dir with a specific tarball"
}
]
}
rhsa-2025:9966
Vulnerability from csaf_redhat
Published
2025-06-30 14:17
Modified
2025-11-25 10:20
Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.6.2 release.
Notes
Topic
Red Hat Developer Hub 1.6.2 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.6.2 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9966",
"url": "https://access.redhat.com/errata/RHSA-2025:9966"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32996",
"url": "https://access.redhat.com/security/cve/CVE-2025-32996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32997",
"url": "https://access.redhat.com/security/cve/CVE-2025-32997"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47273",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48387",
"url": "https://access.redhat.com/security/cve/CVE-2025-48387"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-7725",
"url": "https://issues.redhat.com/browse/RHIDP-7725"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-7726",
"url": "https://issues.redhat.com/browse/RHIDP-7726"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9966.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.6.2 release.",
"tracking": {
"current_release_date": "2025-11-25T10:20:35+00:00",
"generator": {
"date": "2025-11-25T10:20:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:9966",
"initial_release_date": "2025-06-30T14:17:56+00:00",
"revision_history": [
{
"date": "2025-06-30T14:17:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-30T14:18:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-25T10:20:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.6",
"product": {
"name": "Red Hat Developer Hub 1.6",
"product_id": "Red Hat Developer Hub 1.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.6.2-1750887220"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3Afc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.6.2-1750886883"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ac99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.6.2-1750938107"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64 as a component of Red Hat Developer Hub 1.6",
"product_id": "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64 as a component of Red Hat Developer Hub 1.6",
"product_id": "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64 as a component of Red Hat Developer Hub 1.6",
"product_id": "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32996",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"discovery_date": "2025-04-15T03:00:44.384011+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359627"
}
],
"notes": [
{
"category": "description",
"text": "In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because \"else if\" is not used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Always-Incorrect Control Flow Implementation in http-proxy-middleware",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32996"
},
{
"category": "external",
"summary": "RHBZ#2359627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32996"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/020976044d113fc0bcbbaf995e91d05e2829a145",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/020976044d113fc0bcbbaf995e91d05e2829a145"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/pull/1089",
"url": "https://github.com/chimurai/http-proxy-middleware/pull/1089"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8",
"url": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.4",
"url": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.4"
}
],
"release_date": "2025-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T14:17:56+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9966"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Always-Incorrect Control Flow Implementation in http-proxy-middleware"
},
{
"cve": "CVE-2025-32997",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"discovery_date": "2025-04-15T03:00:47.160071+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359628"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in http-proxy-middleware. The issue occurs because the fixRequestBody function proceeds even when bodyParser has failed, which could lead to unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Improper Check for Unusual or Exceptional Conditions in http-proxy-middleware",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32997"
},
{
"category": "external",
"summary": "RHBZ#2359628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359628"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32997",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32997"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/1bdccbeec243850f1d2bb50ea0ff2151e725d67e",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/1bdccbeec243850f1d2bb50ea0ff2151e725d67e"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/pull/1096",
"url": "https://github.com/chimurai/http-proxy-middleware/pull/1096"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9",
"url": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.5",
"url": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.5"
}
],
"release_date": "2025-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T14:17:56+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9966"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Improper Check for Unusual or Exceptional Conditions in http-proxy-middleware"
},
{
"cve": "CVE-2025-47273",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-05-17T16:00:41.145177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366982"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn\u0027t expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability \"Moderate\" based on the impact of the damage caused by a successful exploitation and the pre-requisites.\n\n* Exploitation requires that the attacker have limited code execution access to a Python environment where they can trigger the vulnerable PackageIndex.download() function\u2014this might be via a script, plugin, or automated job. Full admin rights aren\u0027t needed but a user with no access at all will be unable to exploit this vulnerability.\n* The vulnerability impacts the integrity of the system within the same security boundary\u2014it does not enable access or compromise across trust boundaries (e.g., from one container to another or from user space to kernel).\n* Successful exploitation only allows the attacker to \"create\" new files. The vulnerability does not provide access to existing files and by an extension to any confidential information. \n* Arbitrary file writes can overwrite critical config files, executables, or scripts. This can lead to persistent code execution, system misconfiguration, or unauthorized behavior, especially in automated environments. While overwriting critical files could theoretically lead to service disruption, the vulnerability in isolation does not inherently cause denial of service. The exploit doesn\u0027t target availability directly, and in many cases, systems may continue running.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation enforces strict path constraints, rejecting directory traversal attempts or unauthorized file access. Runtime environments restrict code execution to predefined privilege levels, preventing escalation from traversal exploits. Configuration settings limit accessible directories and enforce execution boundaries to reduce the influence of user input on file system behavior. Application components are developed and validated against secure coding standards that explicitly prevent path manipulation, further minimizing exploitation risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "RHBZ#2366982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/issues/4946",
"url": "https://github.com/pypa/setuptools/issues/4946"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
}
],
"release_date": "2025-05-17T15:46:11.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T14:17:56+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9966"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
},
{
"cve": "CVE-2025-48387",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-02T20:00:45.526571+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369875"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in tar-fs. This vulnerability allows files to be written outside the intended extraction directory via specially crafted tar archives. The issue arises from insufficient path validation during tarball extraction, potentially enabling path traversal attacks that can overwrite arbitrary files on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: tar-fs has issue where extract can write outside the specified dir with a specific tarball",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in tar-fs is Important not a moderate flaw, primarily due to its ability to bypass directory confinement during tarball extraction. The core issue\u2014path traversal via crafted archive entries\u2014allows attackers to write files outside the intended extraction directory, potentially overwriting system files, configuration files, or injecting malicious scripts into sensitive locations. Unlike moderate flaws that may require specific conditions or user interaction to exploit, this vulnerability can be triggered automatically in server-side environments that extract user-supplied tar files (e.g., CI/CD systems, deployment tools, or file upload handlers). Its exploitation could lead to remote code execution, privilege escalation, or denial of service, depending on the context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48387"
},
{
"category": "external",
"summary": "RHBZ#2369875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48387",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48387"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f",
"url": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v"
}
],
"release_date": "2025-06-02T19:20:18.220000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T14:17:56+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9966"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:79618b38d6f02457954b227d538e238fdebbb72a220af5bd6be3cfab3ad0f262_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c99f378315b703b586196ea3978e3858e2c73d4b16d761700efafc9a82e618d9_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fc721db8c90951b6a2255fd893ec0094b47a2c736ce66b41c96d7a4fdae43feb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: tar-fs has issue where extract can write outside the specified dir with a specific tarball"
}
]
}
rhsa-2025:14090
Vulnerability from csaf_redhat
Published
2025-08-19 11:33
Modified
2025-11-25 16:00
Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.7.0 release.
Notes
Topic
Red Hat Developer Hub 1.7.0 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.7.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14090",
"url": "https://access.redhat.com/errata/RHSA-2025:14090"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22870",
"url": "https://access.redhat.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32996",
"url": "https://access.redhat.com/security/cve/CVE-2025-32996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32997",
"url": "https://access.redhat.com/security/cve/CVE-2025-32997"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48387",
"url": "https://access.redhat.com/security/cve/CVE-2025-48387"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48997",
"url": "https://access.redhat.com/security/cve/CVE-2025-48997"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5417",
"url": "https://access.redhat.com/security/cve/CVE-2025-5417"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-54419",
"url": "https://access.redhat.com/security/cve/CVE-2025-54419"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6545",
"url": "https://access.redhat.com/security/cve/CVE-2025-6545"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7338",
"url": "https://access.redhat.com/security/cve/CVE-2025-7338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-6469",
"url": "https://issues.redhat.com/browse/RHIDP-6469"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-6470",
"url": "https://issues.redhat.com/browse/RHIDP-6470"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-6937",
"url": "https://issues.redhat.com/browse/RHIDP-6937"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14090.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.7.0 release.",
"tracking": {
"current_release_date": "2025-11-25T16:00:09+00:00",
"generator": {
"date": "2025-11-25T16:00:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:14090",
"initial_release_date": "2025-08-19T11:33:06+00:00",
"revision_history": [
{
"date": "2025-08-19T11:33:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-19T11:33:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-25T16:00:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.7",
"product": {
"name": "Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3Aaa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.0-1754936470"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.0-1754935808"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.0-1754942441"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5417",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2025-05-31T22:35:41+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369602"
}
],
"notes": [
{
"category": "description",
"text": "An insufficient access control vulnerability was found in the Red Hat\nDeveloper Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the\nrhdh/rhdh-hub-rhel9 container image and modify the image\u0027s content. This issue affects the confidentiality and integrity of the data, and any changes made are not permanent, as they reset after the pod restarts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rhdh: Red Hat Developer Hub user permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Developer Hub 1.6 is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5417"
},
{
"category": "external",
"summary": "RHBZ#2369602",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369602"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5417",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5417"
}
],
"release_date": "2025-08-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-19T11:33:06+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14090"
},
{
"category": "workaround",
"details": "Red Hat Developer Hub 1.5 contains mitigation guidelines present at https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.5/html/configuring_red_hat_developer_hub/readonlyrootfilesystem",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rhdh: Red Hat Developer Hub user permissions"
},
{
"cve": "CVE-2025-6545",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-06-23T19:00:51.575615+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the npm pbkdf2 library, allowing signature spoofing. When executing in javascript engines other than Nodejs or Nodejs when importing pbkdf2/browser, certain algorithms will silently fail and return invalid data. The return values are predictable, which undermines the security guarantees of the package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pbkdf2: pbkdf2 silently returns predictable key material",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated important because it causes the pbkdf2 module to quietly return weak or zero-filled keys when certain algorithm names are used incorrectly in browsers or bundled code, this causes the function to silently return a predictable value (such as a zero-filled buffer or uninitialized memory) instead of a securely derived key, completely undermining the confidentiality and integrity of any cryptographic operation where attackers could guess or reuse these keys to access or change protected data.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6545"
},
{
"category": "external",
"summary": "RHBZ#2374370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6545"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6545",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6545"
},
{
"category": "external",
"summary": "https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078",
"url": "https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078"
},
{
"category": "external",
"summary": "https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb",
"url": "https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb"
},
{
"category": "external",
"summary": "https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6",
"url": "https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6"
}
],
"release_date": "2025-06-23T18:41:18.771000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-19T11:33:06+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14090"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pbkdf2: pbkdf2 silently returns predictable key material"
},
{
"cve": "CVE-2025-7338",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2025-07-17T16:00:55.704118+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2381726"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Multer NPM library. This vulnerability allows an attacker to trigger a denial of service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, resulting in a process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "multer: Multer Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7338"
},
{
"category": "external",
"summary": "RHBZ#2381726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7338"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b",
"url": "https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p"
}
],
"release_date": "2025-07-17T15:26:45.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-19T11:33:06+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14090"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "multer: Multer Denial of Service"
},
{
"cve": "CVE-2025-22870",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-03-12T19:00:59.178193+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351766"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-20: Improper Input Validation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by input validation vulnerabilities. Security testing and evaluation standards are implemented within the environment to rigorously test input validation mechanisms during the development lifecycle, while static code analysis identifies potential input validation vulnerabilities by default. Process isolation ensures that processes handling potentially malicious or unvalidated inputs run in isolated environments by separating execution domains for each process. Malicious code protections such as IPS/IDS and antimalware solutions help detect and mitigate malicious payloads stemming from input validation vulnerabilities. Finally, robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks further.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "RHBZ#2351766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351766"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22870",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22870"
},
{
"category": "external",
"summary": "https://go.dev/cl/654697",
"url": "https://go.dev/cl/654697"
},
{
"category": "external",
"summary": "https://go.dev/issue/71984",
"url": "https://go.dev/issue/71984"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3503",
"url": "https://pkg.go.dev/vuln/GO-2025-3503"
}
],
"release_date": "2025-03-12T18:27:59.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-19T11:33:06+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14090"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net"
},
{
"cve": "CVE-2025-32996",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"discovery_date": "2025-04-15T03:00:44.384011+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359627"
}
],
"notes": [
{
"category": "description",
"text": "In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because \"else if\" is not used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Always-Incorrect Control Flow Implementation in http-proxy-middleware",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32996"
},
{
"category": "external",
"summary": "RHBZ#2359627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32996"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/020976044d113fc0bcbbaf995e91d05e2829a145",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/020976044d113fc0bcbbaf995e91d05e2829a145"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/pull/1089",
"url": "https://github.com/chimurai/http-proxy-middleware/pull/1089"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8",
"url": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.4",
"url": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.4"
}
],
"release_date": "2025-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-19T11:33:06+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14090"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Always-Incorrect Control Flow Implementation in http-proxy-middleware"
},
{
"cve": "CVE-2025-32997",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"discovery_date": "2025-04-15T03:00:47.160071+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359628"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in http-proxy-middleware. The issue occurs because the fixRequestBody function proceeds even when bodyParser has failed, which could lead to unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Improper Check for Unusual or Exceptional Conditions in http-proxy-middleware",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32997"
},
{
"category": "external",
"summary": "RHBZ#2359628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359628"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32997",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32997"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/1bdccbeec243850f1d2bb50ea0ff2151e725d67e",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/1bdccbeec243850f1d2bb50ea0ff2151e725d67e"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/pull/1096",
"url": "https://github.com/chimurai/http-proxy-middleware/pull/1096"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9",
"url": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.5",
"url": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.5"
}
],
"release_date": "2025-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-19T11:33:06+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14090"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Improper Check for Unusual or Exceptional Conditions in http-proxy-middleware"
},
{
"cve": "CVE-2025-48387",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-02T20:00:45.526571+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369875"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in tar-fs. This vulnerability allows files to be written outside the intended extraction directory via specially crafted tar archives. The issue arises from insufficient path validation during tarball extraction, potentially enabling path traversal attacks that can overwrite arbitrary files on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: tar-fs has issue where extract can write outside the specified dir with a specific tarball",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in tar-fs is Important not a moderate flaw, primarily due to its ability to bypass directory confinement during tarball extraction. The core issue\u2014path traversal via crafted archive entries\u2014allows attackers to write files outside the intended extraction directory, potentially overwriting system files, configuration files, or injecting malicious scripts into sensitive locations. Unlike moderate flaws that may require specific conditions or user interaction to exploit, this vulnerability can be triggered automatically in server-side environments that extract user-supplied tar files (e.g., CI/CD systems, deployment tools, or file upload handlers). Its exploitation could lead to remote code execution, privilege escalation, or denial of service, depending on the context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48387"
},
{
"category": "external",
"summary": "RHBZ#2369875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48387",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48387"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f",
"url": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v"
}
],
"release_date": "2025-06-02T19:20:18.220000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-19T11:33:06+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14090"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: tar-fs has issue where extract can write outside the specified dir with a specific tarball"
},
{
"cve": "CVE-2025-48997",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2025-06-03T19:01:06.246004+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370084"
}
],
"notes": [
{
"category": "description",
"text": "An unhandled exception flaw was found in multer. This issue allows an attacker to trigger an application level denial of service by sending an upload file request with an empty string field name, which triggers an exception in processing that is not properly handled. This issue will lead to a program crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "multer: Multer vulnerable to Denial of Service via unhandled exception",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The denial of service impact is limited to the program that integrates multer. The host operating system is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48997"
},
{
"category": "external",
"summary": "RHBZ#2370084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370084"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48997",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48997"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9",
"url": "https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/issues/1233",
"url": "https://github.com/expressjs/multer/issues/1233"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/pull/1256",
"url": "https://github.com/expressjs/multer/pull/1256"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg"
}
],
"release_date": "2025-06-03T18:21:59.527000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-19T11:33:06+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14090"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "multer: Multer vulnerable to Denial of Service via unhandled exception"
},
{
"cve": "CVE-2025-54419",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-07-28T20:02:41.635540+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2384049"
}
],
"notes": [
{
"category": "description",
"text": "A signature verification flaw was found in the npm @node-saml/node-saml library. This flaw allows an attacker who has access to a validly signed document from the identity provider (IdP) to alter the content of the document, modify the details within the document, and have the modifications be accepted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@node-saml/node-saml: Node-SAML Signature Verification Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Important impact authn-bypass, not a Moderate bug, because it breaks the core trust boundary of SAML: the service provider (SP) makes authorization decisions based on an assertion it believes is protected by the IdP\u2019s XML signature. In @node-saml/node-saml \u22645.0.1, the library verifies the signature over one part of the response but then parses/uses fields from the original, unsigned document, a classic signature-wrapping/mismatch flaw. An attacker who possesses any validly signed SAML response (e.g., their own login, a captured response, or one from a lower-privileged account) can alter critical elements\u2014such as the Subject/NameID (e.g., drop a character to map to a different user), group/role attributes, AuthnContext, or Conditions\u2014without invalidating the signature, and the SP will accept the modified values. That enables account takeover, privilege escalation, MFA/step-up bypass (via AuthnContext changes), and policy circumvention across every SP relying on this library. The only prerequisite is access to a single signed response; no IdP compromise is required.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-54419"
},
{
"category": "external",
"summary": "RHBZ#2384049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-54419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-54419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54419"
},
{
"category": "external",
"summary": "https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10",
"url": "https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10"
},
{
"category": "external",
"summary": "https://github.com/node-saml/node-saml/releases/tag/v5.1.0",
"url": "https://github.com/node-saml/node-saml/releases/tag/v5.1.0"
},
{
"category": "external",
"summary": "https://github.com/node-saml/node-saml/security/advisories/GHSA-4mxg-3p6v-xgq3",
"url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-4mxg-3p6v-xgq3"
}
],
"release_date": "2025-07-28T19:47:46.584000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-19T11:33:06+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14090"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:7dad33bce18ec8417e9345ce8cdd39f3c9bfd637cecc8ce6750fa3e5279dc06b_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72beabd2760976369736af8c22388b030603f9d503020aa581f4b8ec1c50c740_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@node-saml/node-saml: Node-SAML Signature Verification Vulnerability"
}
]
}
rhsa-2025:15847
Vulnerability from csaf_redhat
Published
2025-09-15 16:27
Modified
2025-11-26 16:13
Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.23.0 Release.
Notes
Topic
Red Hat OpenShift Dev Spaces 3.23.0 has been released.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.23 release is based on Eclipse Che 7.107 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2. Users still using the v1 standard should migrate as soon as possible. https://devfile.io/docs/2.2.0/migrating-to-devfile-v2 Dev Spaces supports OpenShift EUS releases v4.14 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates. https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.23.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.23 release is based on Eclipse Che 7.107 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2. Users still using the v1 standard should migrate as soon as possible. https://devfile.io/docs/2.2.0/migrating-to-devfile-v2 Dev Spaces supports OpenShift EUS releases v4.14 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates. https://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15847",
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.23/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.23/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-10005",
"url": "https://access.redhat.com/security/cve/CVE-2024-10005"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-10006",
"url": "https://access.redhat.com/security/cve/CVE-2024-10006"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-22189",
"url": "https://access.redhat.com/security/cve/CVE-2024-22189"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-24789",
"url": "https://access.redhat.com/security/cve/CVE-2024-24789"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-28869",
"url": "https://access.redhat.com/security/cve/CVE-2024-28869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-39321",
"url": "https://access.redhat.com/security/cve/CVE-2024-39321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48385",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48387",
"url": "https://access.redhat.com/security/cve/CVE-2025-48387"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52999",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9287",
"url": "https://access.redhat.com/security/cve/CVE-2025-9287"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9288",
"url": "https://access.redhat.com/security/cve/CVE-2025-9288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15847.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.23.0 Release.",
"tracking": {
"current_release_date": "2025-11-26T16:13:03+00:00",
"generator": {
"date": "2025-11-26T16:13:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:15847",
"initial_release_date": "2025-09-15T16:27:40+00:00",
"revision_history": [
{
"date": "2025-09-15T16:27:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-15T16:27:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-26T16:13:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product": {
"name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.23::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces (RHOSDS)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757618807"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ad2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756506343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757019057"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"product": {
"name": "registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"product_id": "registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel9@sha256%3Adf24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces-tech-preview\u0026tag=3.23-1756504289"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Aa69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756507311"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"product": {
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"product_id": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Aac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces-tech-preview\u0026tag=3.23-1757019334"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3Ad23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756509551"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757017659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756828766"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3Aa48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757629825"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757367052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756753588"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756504388"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757028609"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757037884"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757618807"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756506343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757019057"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756507311"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"product": {
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"product_id": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Acd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85?arch=s390x\u0026repository_url=registry.redhat.io/devspaces-tech-preview\u0026tag=3.23-1757019334"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3Ae32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756509551"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757017659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756828766"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Af2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757367052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756753588"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756504388"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Aa4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757028609"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Ab60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757037884"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757618807"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756506343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757019057"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Aad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756507311"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"product_id": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces-tech-preview\u0026tag=3.23-1757019334"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3A13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756509551"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ae762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757017659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756828766"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757367052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Afa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756753588"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Aa152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756504388"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Acc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757028609"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Aee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757037884"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757618807"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756506343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757019057"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Ac9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756507311"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"product": {
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"product_id": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Ad0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces-tech-preview\u0026tag=3.23-1757019334"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3A43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756509551"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757017659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Af5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756828766"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Acc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757367052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756753588"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Af17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1756504388"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757028609"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Aa86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.23-1757037884"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64"
},
"product_reference": "registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64"
},
"product_reference": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x"
},
"product_reference": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64"
},
"product_reference": "registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.23",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10005",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-10-30T22:00:40.599537+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2322857"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in HashiCorp Consul. Due to a lack of path normalization, URL paths in L7 traffic intentions can be exploited to bypass permissions defined in the intentions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hashicorp/consul: consul: Consul L7 Intentions Vulnerable To URL Path Bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because the lack of path normalization in HashiCorp Consul allows attackers to exploit URL paths in L7 traffic intentions, bypassing defined permissions. This can compromise both confidentiality and integrity, enabling unauthorized access to sensitive data and resources, highlighting the need for immediate attention.\n\nThis CVE has been rated \"Low\" as RH does not use Consul/Consul Catalog as a provider for configuration discovery in Traefik Proxy. Even though the product is affected, RH products are not vulnerable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-10005"
},
{
"category": "external",
"summary": "RHBZ#2322857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322857"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-10005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10005"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10005",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10005"
},
{
"category": "external",
"summary": "https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass",
"url": "https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass"
}
],
"release_date": "2024-10-30T21:19:22.576000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "hashicorp/consul: consul: Consul L7 Intentions Vulnerable To URL Path Bypass"
},
{
"cve": "CVE-2024-10006",
"cwe": {
"id": "CWE-644",
"name": "Improper Neutralization of HTTP Headers for Scripting Syntax"
},
"discovery_date": "2024-10-30T22:00:44.245072+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2322858"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HashiCorp Consul and Consul Enterprise. The server response does not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and can lead to reflected cross-site scripting (XSS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hashicorp/consul: consul: Consul L7 Intentions Vulnerable To Headers Bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because HashiCorp Consul fails to set a Content-Type HTTP header, allowing user inputs to be misinterpreted and potentially leading to reflected cross-site scripting (XSS). This can compromise both confidentiality and integrity, posing a risk to user data and application security, which requires prompt remediation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-10006"
},
{
"category": "external",
"summary": "RHBZ#2322858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322858"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-10006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10006"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10006",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10006"
},
{
"category": "external",
"summary": "https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass",
"url": "https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass"
}
],
"release_date": "2024-10-30T21:20:37.011000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hashicorp/consul: consul: Consul L7 Intentions Vulnerable To Headers Bypass"
},
{
"cve": "CVE-2024-22189",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273513"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in quic-go. This issue may allow an attacker to trigger a denial of service by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRE_CONNECTION_ID frame, but the attacker can prevent the receiver from sending out the vast majority of these RETIRE_CONNECTION_ID frames by selectively acknowledging received packets and collapsing the peers congestion window and by manipulating the peer\u0027s RTT estimate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "quic-go: memory exhaustion attack against QUIC\u0027s connection ID mechanism",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-770: Allocation of Resources Without Limits or Throttling vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings required for operations, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect excessive resource usage caused by malicious activity or system misconfigurations. In the event of exploitation, process isolation ensures workloads operate in separate environments, preventing any single process from overconsuming CPU or memory and degrading system performance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22189"
},
{
"category": "external",
"summary": "RHBZ#2273513",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273513"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22189"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a",
"url": "https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478",
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478"
},
{
"category": "external",
"summary": "https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management",
"url": "https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "quic-go: memory exhaustion attack against QUIC\u0027s connection ID mechanism"
},
{
"cve": "CVE-2024-24789",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-06-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2292668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Incorrect handling of certain ZIP files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-20: Improper Input Validation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by input validation vulnerabilities. Security testing and evaluation standards are implemented within the environment to rigorously test input validation mechanisms during the development lifecycle, while static code analysis identifies potential input validation vulnerabilities by default. Process isolation ensures that processes handling potentially malicious or unvalidated inputs run in isolated environments by separating execution domains for each process. Malicious code protections, such as IPS/IDS and antimalware solutions, help detect and mitigate malicious payloads stemming from input validation vulnerabilities. Finally, robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks further.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24789"
},
{
"category": "external",
"summary": "RHBZ#2292668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24789"
}
],
"release_date": "2024-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Incorrect handling of certain ZIP files"
},
{
"cve": "CVE-2024-28869",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"discovery_date": "2024-04-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274987"
}
],
"notes": [
{
"category": "description",
"text": "An improper handling of exceptional conditions vulnerability was found in Traefik. In affected versions, sending a GET request to any Traefik endpoint with the \"Content-length\" request header results in an indefinite hang with the default configuration, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28869"
},
{
"category": "external",
"summary": "RHBZ#2274987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274987"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28869"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6",
"url": "https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw"
}
],
"release_date": "2024-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "traefik: denial of service"
},
{
"cve": "CVE-2024-39321",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2024-07-05T18:20:25+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2296009"
}
],
"notes": [
{
"category": "description",
"text": "An authorization bypass vulnerability was found in Traefik. This flaw allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: Bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes, while notable, is categorized as moderate severity rather than important. This classification stems from the requirement for an attacker to leverage HTTP/3\u0027s early data feature and perform spoofed IP address manipulation to exploit the flaw. As a result, successful exploitation demands specific conditions, including network-level access and manipulation capabilities, which may not be trivial in many environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39321"
},
{
"category": "external",
"summary": "RHBZ#2296009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39321"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.6",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.6"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.0.4",
"url": "https://github.com/traefik/traefik/releases/tag/v3.0.4"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3",
"url": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9"
}
],
"release_date": "2024-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "traefik: Bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-9287",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-08-20T22:00:53.821394+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2389932"
}
],
"notes": [
{
"category": "description",
"text": "An improper input validation vulnerability was found in the cipher-base npm package. Missing input type checks in the polyfill of the Node.js `createHash` function result in invalid\u00a0value calculations,\u00a0hanging and\u00a0rewinding the\u00a0hash state, including\u00a0turning a tagged hash\u00a0into an untagged\u00a0hash, for malicious JSON-stringifyable\u00a0inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cipher-base: Cipher-base hash manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9287"
},
{
"category": "external",
"summary": "RHBZ#2389932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9287",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9287"
},
{
"category": "external",
"summary": "https://github.com/browserify/cipher-base/pull/23",
"url": "https://github.com/browserify/cipher-base/pull/23"
},
{
"category": "external",
"summary": "https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc",
"url": "https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc"
}
],
"release_date": "2025-08-20T21:43:56.548000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cipher-base: Cipher-base hash manipulation"
},
{
"cve": "CVE-2025-9288",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-08-20T23:00:56.263191+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2389980"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in sha.js, where the hashing implementation does not perform sufficient input type validation. The .update() function accepts arbitrary objects, including those with crafted length properties, which can alter the internal state machine of the hashing process. This flaw may result in unexpected behavior such as rewinding the hash state, producing inconsistent digest outputs, or entering invalid processing loops. The issue was introduced due to the reliance on JavaScript object coercion rules rather than enforcing strict buffer or string inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sha.js: Missing type checks leading to hash rewind and passing on crafted data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important rather then Critical because while the lack of input type checks in sha.js allows for hash state rewinding, crafted collisions, and potential denial of service, the vulnerability requires highly specific crafted input objects that are unlikely to occur in typical real-world usage, especially since most applications pass well-formed strings or buffers to hashing functions. Moreover, the cryptographic breakages described, such as nonce reuse leading to private key extraction, are indirect and depend on downstream libraries misusing sha.js for sensitive operations without additional validation layers. As a result, the flaw significantly undermines correctness and robustness of the hashing API, but its exploitability in common production systems is constrained, which could justify viewing it as an Important vulnerability rather than a Critical one.\n\n\nThe flaw requires applications to pass attacker-controlled, non-standard JavaScript objects into hash.update(). Most real-world Node.js applications and libraries already use Buffer, TypedArray, or String inputs, which are unaffected. Furthermore, Node\u2019s built-in crypto module, which is widely adopted, enforces stricter type-checking and is not impacted. As a result, the vulnerability mainly threatens projects that (a) directly depend on sha.js for cryptographically sensitive operations, and (b) hash untrusted input without type validation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9288"
},
{
"category": "external",
"summary": "RHBZ#2389980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9288"
},
{
"category": "external",
"summary": "https://github.com/browserify/sha.js/pull/78",
"url": "https://github.com/browserify/sha.js/pull/78"
},
{
"category": "external",
"summary": "https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5",
"url": "https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
}
],
"release_date": "2025-08-20T21:59:44.728000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sha.js: Missing type checks leading to hash rewind and passing on crafted data"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
},
{
"cve": "CVE-2025-48387",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-02T20:00:45.526571+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369875"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in tar-fs. This vulnerability allows files to be written outside the intended extraction directory via specially crafted tar archives. The issue arises from insufficient path validation during tarball extraction, potentially enabling path traversal attacks that can overwrite arbitrary files on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: tar-fs has issue where extract can write outside the specified dir with a specific tarball",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in tar-fs is Important not a moderate flaw, primarily due to its ability to bypass directory confinement during tarball extraction. The core issue\u2014path traversal via crafted archive entries\u2014allows attackers to write files outside the intended extraction directory, potentially overwriting system files, configuration files, or injecting malicious scripts into sensitive locations. Unlike moderate flaws that may require specific conditions or user interaction to exploit, this vulnerability can be triggered automatically in server-side environments that extract user-supplied tar files (e.g., CI/CD systems, deployment tools, or file upload handlers). Its exploitation could lead to remote code execution, privilege escalation, or denial of service, depending on the context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48387"
},
{
"category": "external",
"summary": "RHBZ#2369875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48387",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48387"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f",
"url": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v"
}
],
"release_date": "2025-06-02T19:20:18.220000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: tar-fs has issue where extract can write outside the specified dir with a specific tarball"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:27:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15847"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/idea-rhel9@sha256:df24ebb239a2cc0d4543309f51a7268c7d524d428a536e0b3443c51089c3f87e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:0dc291e3dc58d285d054a35b480d14c3912777e14fd643915b8ceabd178ad6bf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:ac5b3e78470c747377dbc9ecb6e0680d724086c331955ed5471b74d01155ece8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:cd1ee1d15cafe77bbf8e283cee2cde88dcdfb59c9545867a047cf4b42089aa85_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9@sha256:d0b17cb5f9a530ca959058fe926b3f5c42539487e23587d51948f49d7a38cf5d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:32d9568317c55235f75c4d0e1c98de6d4af252cbdd116ed2355025cbaeac862f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:48b99d167a5c54a98e69bba441bb5b70db2ffe065d3f8f8d23ecfed7b813336e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/code-rhel9@sha256:8b2b33e91756bbd1c7ed6905e00176b9d55a4e13aee2f84862bc571a8a82f113_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:43cdf063e9a6aa5f84233c8bd850a711b5d5fae8a7795803609fec07d189ca05_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ad9073c0a768f170cf8d4311ea35ec1caccfdefdf6d1dccbc10ed01cdeafd16_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:934c224a59086c689be1839b6846a0984370a78a8adc8510fa692f5215bb6182_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/configbump-rhel9@sha256:d2bfcb27baf36e569eca4f7c85f458a180d7938616413a4cf8e10cb329e6a150_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:7c98501fee1297a24caa77d325f6bfd7f91192589f0aa22d47d9766e8219c749_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:905d45518e20ea10daa3a35ea2f2201a6f762a16f9b4829ce37b7396d493ac59_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/dashboard-rhel9@sha256:91e064bccc3f7320844763fc136cb4c650db40190e01edebe16135bcc00627ac_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:a48dd94d5616183843ba939146b7e4d985210cdd902038ff80ff6df3df3d74ca_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:2b18f2cf31e0914762cc6e99c9797c24a19db69ca08bc9983bc2aacc85ee7024_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:38c9b56aa9c2a5153e01ffc1edb399247ed1937b9382ac4f0fb2beae4c27f69a_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:59f85768c28401783b9475ce21088e3d8fbf6bcd64bb49e3a243c881ac6b546c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f5b515ecaea7d542ac18ea5a056c99fe84ca2ac25fa3904bdc50a78ecf47541f_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8cdf016c4d61bce4f244415ae192fe1647ef517ba1690f2009b5b8e1104c72a7_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:a69c6f8b091d11c69b6864edc6973c6f5f4515eb3a1923bf51fdb971315c28b0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ad5f4d1b7f712416bb62785375ce15ef1a5cb3f1a77226899abc8aba32a11623_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c9808efcb221c10d78bdf663e3b5e3d5d281bf59702be049090fc1fa0511b078_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:43d9679eb3ac8d5287863137f2d698d814a2fbc2fbd6a6aacba11240cd76d40c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:d23a4d9f0967f53d15fefda63e972e035d23aebe819dd11a6cec9beceacd8997_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e32fc2e1c50fb1110a835e29e6e360b4127ed84fca98c6276b0b171ccd6cb223_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:1168d897f16b276ba5a6e6170e31fbe1499a980666aed493b2fe27036471ba55_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:15300e7d45a8e2093ef6f33303174f7361de7d9b648f8c9f2cf06f8ba3c56c76_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:6ccd50b0049e4ba0f9d4ea8779b17c6acc95395490579fbaa3b9e9084ac7d314_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e762a9019e4b5afd27331ad519a5b63a2bba3c7eb522533e0932e97c2879a36e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f4c5323da09593280fc61c2df7fced0f6dc9d3ca322d27069f51334c3d18dae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:918c66e3ea09e481c38673314021ef1aa6b46afc9dcb115b9d19b6819c5db4a7_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:cc4f2ce5926da93eaf81b0935d3171d81a310ec97e3c08bbbf6599752446810d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f2bcd5123e4fad7aa4ad54f2819a1beb75d844302aa162e0335c1a0191fe5346_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:27b7eef1c64e432dbe15e92cf745a951aebdc9b379d9c02dbfef6df296c39cd1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:3cfcd5f9ab8ec42cefd8fab992ecb493a9d14126bdf53ba542ffa4b51fd1684c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:641354f1d56627f49af3e32ad963616b69aac644ac33d664e7fe29de32fe43b3_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/server-rhel9@sha256:fa5400aecca1a46c4b98d00c749ea56d6187ced20952f02e4dd1c12e2467117e_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:15a4a74016cdb94aece0bc651edd221b72a9202e5fd414d30ae969707cb5b4c9_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:5361443dee5415dc554d79e2fa23a6b336f1d8ea89fb20a4caa72f70574b939b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:a152f1e75dd10ba692587a4e702d59cd1c5adcde8b97390f58742270edf85d33_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/traefik-rhel9@sha256:f17428eced9d6bec1eaaa1510b68250824d3ace2f66af7f31fbf7327ca11540c_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:42d8388fafeb7c188b03389c92561da4068f91a8cc2343f33d967939342e4f64_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:a86e59cedc67e9fcee3412afa157572a2ab815a3d9e18da03ada502f7313cc80_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b60b4b992b89b82620e5ea618350a97434b272d1f023200dcbeae642612e3569_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ee9d72769b916b350307df495022e04add1fbcd67c1e62757fd316e7f1dd60ae_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:53618eb41967e64660e87e5ad6ce8f5d9803aed9bb48da8898aaefb4d0a4632d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:65176a94e684c200beef8f25016982ab212bdcd10d31b54a831310e20c026f77_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:a4ca99dc99b864ef805f3e8d997f0567168c809433f16ec23540c0b8ead96216_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.23:registry.redhat.io/devspaces/udi-rhel9@sha256:cc31b6212f77e03383e615ee30fd97419806c3841f18d2f6c950d82cdd21e872_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
wid-sec-w-2025-1420
Vulnerability from csaf_certbund
Published
2025-06-29 22:00
Modified
2025-07-23 22:00
Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Dateien zu manipulieren, und um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Dateien zu manipulieren, und um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1420 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1420.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1420 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1420"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-06-29",
"url": "https://www.ibm.com/support/pages/node/7238364"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7240500 vom 2025-07-24",
"url": "https://www.ibm.com/support/pages/node/7240500"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-23T22:00:00.000+00:00",
"generator": {
"date": "2025-07-24T07:52:01.830+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1420",
"initial_release_date": "2025-06-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-06-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-07-23T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c12.13.0 CD",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c12.13.0 CD",
"product_id": "T044934"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 12.13.0 CD",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 12.13.0 CD",
"product_id": "T044934-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__12.13.0_cd"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c12.0.13 LTS",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c12.0.13 LTS",
"product_id": "T044935"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 12.0.13 LTS",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 12.0.13 LTS",
"product_id": "T044935-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__12.0.13_lts"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-48387",
"product_status": {
"known_affected": [
"T044935",
"T044934",
"T032495"
]
},
"release_date": "2025-06-29T22:00:00.000+00:00",
"title": "CVE-2025-48387"
},
{
"cve": "CVE-2025-48997",
"product_status": {
"known_affected": [
"T044935",
"T044934",
"T032495"
]
},
"release_date": "2025-06-29T22:00:00.000+00:00",
"title": "CVE-2025-48997"
}
]
}
ghsa-8cj5-5rvv-wf4v
Vulnerability from github
Published
2025-06-03 06:14
Modified
2025-11-03 21:33
Severity ?
VLAI Severity ?
Summary
tar-fs can extract outside the specified dir with a specific tarball
Details
Impact
v3.0.8, v2.1.2, v1.16.4 and below
Patches
Has been patched in 3.0.9, 2.1.3, and 1.16.5
Workarounds
You can use the ignore option to ignore non files/directories.
js
ignore (_, header) {
// pass files & directories, ignore e.g. symlinks
return header.type !== 'file' && header.type !== 'directory'
}
Credit
Thank you Caleb Brown from Google Open Source Security Team for reporting this in detail.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-48387"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-03T06:14:25Z",
"nvd_published_at": "2025-06-02T20:15:22Z",
"severity": "HIGH"
},
"details": "### Impact\n v3.0.8, v2.1.2, v1.16.4 and below\n\n### Patches\nHas been patched in 3.0.9, 2.1.3, and 1.16.5\n\n### Workarounds\nYou can use the ignore option to ignore non files/directories.\n\n```js\n ignore (_, header) {\n // pass files \u0026 directories, ignore e.g. symlinks\n return header.type !== \u0027file\u0027 \u0026\u0026 header.type !== \u0027directory\u0027\n }\n```\n\n### Credit\nThank you Caleb Brown from Google Open Source Security Team for reporting this in detail.",
"id": "GHSA-8cj5-5rvv-wf4v",
"modified": "2025-11-03T21:33:59Z",
"published": "2025-06-03T06:14:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w"
},
{
"type": "WEB",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48387"
},
{
"type": "WEB",
"url": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f"
},
{
"type": "PACKAGE",
"url": "https://github.com/mafintosh/tar-fs"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "tar-fs can extract outside the specified dir with a specific tarball"
}
fkie_cve-2025-48387
Vulnerability from fkie_nvd
Published
2025-06-02 20:15
Modified
2025-11-03 20:19
Severity ?
Summary
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w | ||
| security-advisories@github.com | https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f | ||
| security-advisories@github.com | https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories."
},
{
"lang": "es",
"value": "tar-fs proporciona enlaces de sistema de archivos para tar-stream. Las versiones anteriores a 3.0.9, 2.1.3 y 1.16.5 presentan un problema que permite que un extracto escriba fuera del directorio especificado con un archivo tar espec\u00edfico. Esto se ha corregido en las versiones 3.0.9, 2.1.3 y 1.16.5. Como workaround, utilice la opci\u00f3n ignorar para ignorar archivos o directorios que no sean archivos."
}
],
"id": "CVE-2025-48387",
"lastModified": "2025-11-03T20:19:06.267",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T20:15:22.930",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
msrc_cve-2025-48387
Vulnerability from csaf_microsoft
Published
2025-06-02 00:00
Modified
2025-07-11 00:00
Summary
tar-fs has issue where extract can write outside the specified dir with a specific tarball
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48387 tar-fs has issue where extract can write outside the specified dir with a specific tarball - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-48387.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "tar-fs has issue where extract can write outside the specified dir with a specific tarball",
"tracking": {
"current_release_date": "2025-07-11T00:00:00.000Z",
"generator": {
"date": "2025-10-20T03:23:37.626Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-48387",
"initial_release_date": "2025-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-07-11T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm2 reaper 3.1.1-19",
"product": {
"name": "\u003ccm2 reaper 3.1.1-19",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cm2 reaper 3.1.1-19",
"product": {
"name": "cm2 reaper 3.1.1-19",
"product_id": "19542"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 reaper 3.1.1-19",
"product": {
"name": "\u003ccbl2 reaper 3.1.1-19",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 reaper 3.1.1-19",
"product": {
"name": "cbl2 reaper 3.1.1-19",
"product_id": "20124"
}
}
],
"category": "product_name",
"name": "reaper"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm2 reaper 3.1.1-19 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm2 reaper 3.1.1-19 as a component of CBL Mariner 2.0",
"product_id": "19542-17086"
},
"product_reference": "19542",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 reaper 3.1.1-19 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 reaper 3.1.1-19 as a component of CBL Mariner 2.0",
"product_id": "20124-17086"
},
"product_reference": "20124",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-48387",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0026#39;Path Traversal\u0026#39;)"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19542-17086",
"20124-17086"
],
"known_affected": [
"17086-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48387 tar-fs has issue where extract can write outside the specified dir with a specific tarball - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-48387.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-11T00:00:00.000Z",
"details": "3.1.1-19:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-2",
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"title": "tar-fs has issue where extract can write outside the specified dir with a specific tarball"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…