rhba-2024:5869
Vulnerability from csaf_redhat
Published
2024-08-26 17:53
Modified
2025-09-10 13:33
Summary
Red Hat Bug Fix Advisory: updated RHDH-1.1-RHEL-9 container images
Notes
Topic
Updated RHDH-1.1-RHEL-9 container images are now available
Details
The RHDH-1.1-RHEL-9 container images have been updated to address the following security advisory: RHSA-2024:5529 (see References).
Users of RHDH-1.1-RHEL-9 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated RHDH-1.1-RHEL-9 container images are now available", "title": "Topic" }, { "category": "general", "text": "The RHDH-1.1-RHEL-9 container images have been updated to address the following security advisory: RHSA-2024:5529 (see References)\n\nUsers of RHDH-1.1-RHEL-9 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2024:5869", "url": "https://access.redhat.com/errata/RHBA-2024:5869" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2024:5529", "url": "https://access.redhat.com/errata/RHSA-2024:5529" }, { "category": "external", "summary": "https://access.redhat.com/containers", "url": "https://access.redhat.com/containers" }, { "category": "external", "summary": "2270498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_5869.json" } ], "title": "Red Hat Bug Fix Advisory: updated RHDH-1.1-RHEL-9 container images", "tracking": { "current_release_date": "2025-09-10T13:33:53+00:00", "generator": { "date": "2025-09-10T13:33:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.7" } }, "id": "RHBA-2024:5869", "initial_release_date": "2024-08-26T17:53:15+00:00", "revision_history": [ { "date": "2024-08-26T17:53:15+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-08-26T17:53:15+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-09-10T13:33:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHDH 1.1 for RHEL 9", "product": { "name": "RHDH 1.1 for RHEL 9", "product_id": "9Base-RHDH-1.1", "product_identification_helper": { "cpe": 
"cpe:/a:redhat:rhdh:1.1::el9" } } } ], "category": "product_family", "name": "Red Hat Developer Hub" }, { "branches": [ { "category": "product_version", "name": "rhdh/rhdh-hub-rhel9@sha256:34da2c4b49b756d8e1eab4c2974aaf8f0f7eb2360574c51e91126e171fbcc355_amd64", "product": { "name": "rhdh/rhdh-hub-rhel9@sha256:34da2c4b49b756d8e1eab4c2974aaf8f0f7eb2360574c51e91126e171fbcc355_amd64", "product_id": "rhdh/rhdh-hub-rhel9@sha256:34da2c4b49b756d8e1eab4c2974aaf8f0f7eb2360574c51e91126e171fbcc355_amd64", "product_identification_helper": { "purl": "pkg:oci/rhdh-hub-rhel9@sha256:34da2c4b49b756d8e1eab4c2974aaf8f0f7eb2360574c51e91126e171fbcc355?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1.1-107.1724038966" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhdh/rhdh-hub-rhel9@sha256:34da2c4b49b756d8e1eab4c2974aaf8f0f7eb2360574c51e91126e171fbcc355_amd64 as a component of RHDH 1.1 for RHEL 9", "product_id": "9Base-RHDH-1.1:rhdh/rhdh-hub-rhel9@sha256:34da2c4b49b756d8e1eab4c2974aaf8f0f7eb2360574c51e91126e171fbcc355_amd64" }, "product_reference": "rhdh/rhdh-hub-rhel9@sha256:34da2c4b49b756d8e1eab4c2974aaf8f0f7eb2360574c51e91126e171fbcc355_amd64", "relates_to_product_reference": "9Base-RHDH-1.1" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Josephine Pfeiffer" ] } ], "cve": "CVE-2023-6944", "cwe": { "id": "CWE-209", "name": "Generation of Error Message Containing Sensitive Information" }, "discovery_date": "2023-12-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2255204" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. 
The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.", "title": "Vulnerability description" }, { "category": "summary", "text": "RHDH: catalog-import function leaks credentials to frontend", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability is assessed with a Moderate impact rating since its exploitation necessitates the user inputting an invalid token.\n\nRed Hat Developer Hub contains the fix for this vulnerability with Backstage 1.22.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHDH-1.1:rhdh/rhdh-hub-rhel9@sha256:34da2c4b49b756d8e1eab4c2974aaf8f0f7eb2360574c51e91126e171fbcc355_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6944" }, { "category": "external", "summary": "RHBZ#2255204", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255204" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6944", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6944" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6944", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6944" } ], "release_date": "2023-12-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T17:53:15+00:00", "details": "The RHDH-1.1-RHEL-9 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. 
Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.", "product_ids": [ "9Base-RHDH-1.1:rhdh/rhdh-hub-rhel9@sha256:34da2c4b49b756d8e1eab4c2974aaf8f0f7eb2360574c51e91126e171fbcc355_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2024:5869" }, { "category": "workaround", "details": "To mitigate this vulnerability until you can update to RHDH 1.1, ensure that the base64 encoded GitLab token does not contain a newline character at the end. Removing the newline from the token prevents the unintended disclosure of the access token through the frontend.", "product_ids": [ "9Base-RHDH-1.1:rhdh/rhdh-hub-rhel9@sha256:34da2c4b49b756d8e1eab4c2974aaf8f0f7eb2360574c51e91126e171fbcc355_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHDH-1.1:rhdh/rhdh-hub-rhel9@sha256:34da2c4b49b756d8e1eab4c2974aaf8f0f7eb2360574c51e91126e171fbcc355_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "RHDH: catalog-import function leaks credentials to frontend" } ] }
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.