rhsa-2022_0431
Vulnerability from csaf_redhat
Published
2022-02-03 15:13
Modified
2024-12-08 13:53
Summary
Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.68 security and enhancement update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes a bug fixes, security patches and new feature enhancements.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
New features
1. Vulnerability triage workflows - RHACS 3.68 includes the ability to triage vulnerabilities in a variety of ways to support your vulnerability management process. See Managing vulnerabilities for more information.
2. Report scheduling for vulnerabilities - RHACS 3.68 includes the ability to schedule reports for vulnerabilities helping you to send scheduled communications to key stakeholders to assist in the vulnerability management process. See Reporting vulnerabilities to teams for more information.
3. Use AWS ECR AssumeRoles - AWS AssumeRoles allows you to define roles with specific permissions and then granting users access to those roles. {product-title} 3.68 includes the ability to use AWS ECR AssumeRoles to configure roles and grant various levels of access to users. For more details, see Using assumerole with Amazon ECR.
Important bug fixes
1. Previously, searching for CVE’s with a specific severity did not returned any results. This issue has been fixed.
2. Previously, when configuring the Manage Watches feature, if you added more than 12 images to the watch list, the image list would not display properly. This issue has been fixed.
3. Previously, when the RHACS Operator accessed the central-htpasswd secret, it would create a false positive policy violation for the OpenShift: Advanced Cluster Security Central Admin Secret Accessed default policy. This issue has been fixed.
Security update
1. In earlier versions of RHACS, the write permission for the APIToken resource allowed users to create API tokens for any role, including the admin role. This issue has been fixed.
2. The scanner image has been updated to patch CVE-2021-29923.
* golang: net: incorrect parsing of extraneous zero characters at the
beginning of an IP address octet (CVE-2021-29923)
Important system changes
1. RHACS 3.68 includes updates for the Log4Shell vulnerability detection policy. With this update this policy also detects CVE-2021-45046 and it includes the updated remediation based on the latest guidance by the Apache Logging security team.
2. When you upgrade to RHACS 3.68, roles that include write access on the Images resource will have write permissions for both VulnerabilityManagementRequests and VulnerabilityManagementApprovals resource. Red Hat recommends updating the roles to only include the least amount of resources required for each role.
3. If you have installed RHACS using Helm, this update disabled the cluster configuration options in the {product-title-short} portal. You can continue to use Helm configuration files.
4. RHACS 3.68 sends notifications for every runtime policy violation rather than sending notifications only the first encountered violation. This is the default behavior.
5. Tags of the scanner, scanner-db, and collector images, including the collector-slim variant, are now identical to the main image tag.
6. Red Has changed the image names for collector-slim. -slim is no longer part of the image tag.
7. The roxctl CLI includes a new --image-defaults option for the roxctl helm output and roxctl central generate commands. It allows selecting the default registry from which container images are taken for deploying central and scanner.
8. Red Hat has deprecated the --rhacs option for the roxctl helm output command. Use --rhacs-image-defaults option instead.
9. By default, the roxctl helm output command now uses the images from registry.redhat.io rather than stackrox.io.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images are now available for Red Hat Advanced Cluster Security for\nKubernetes (RHACS). The updated image includes a bug fixes, security patches and new feature enhancements.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "New features\n1. Vulnerability triage workflows - RHACS 3.68 includes the ability to triage vulnerabilities in a variety of ways to support your vulnerability management process. See Managing vulnerabilities for more information.\n2. Report scheduling for vulnerabilities - RHACS 3.68 includes the ability to schedule reports for vulnerabilities helping you to send scheduled communications to key stakeholders to assist in the vulnerability management process. See Reporting vulnerabilities to teams for more information.\n3. Use AWS ECR AssumeRoles - AWS AssumeRoles allows you to define roles with specific permissions and then granting users access to those roles. {product-title} 3.68 includes the ability to use AWS ECR AssumeRoles to configure roles and grant various levels of access to users. For more details, see Using assumerole with Amazon ECR.\n\nImportant bug fixes\n\n1. Previously, searching for CVE\u2019s with a specific severity did not returned any results. This issue has been fixed.\n2. Previously, when configuring the Manage Watches feature, if you added more than 12 images to the watch list, the image list would not display properly. This issue has been fixed.\n3. Previously, when the RHACS Operator accessed the central-htpasswd secret, it would create a false positive policy violation for the OpenShift: Advanced Cluster Security Central Admin Secret Accessed default policy. This issue has been fixed.\n\nSecurity update\n\n1. In earlier versions of RHACS, the write permission for the APIToken resource allowed users to create API tokens for any role, including the admin role. This issue has been fixed.\n2. The scanner image has been updated to patch CVE-2021-29923.\n* golang: net: incorrect parsing of extraneous zero characters at the\nbeginning of an IP address octet (CVE-2021-29923)\n\nImportant system changes\n\n1. RHACS 3.68 includes updates for the Log4Shell vulnerability detection policy. With this update this policy also detects CVE-2021-45046 and it includes the updated remediation based on the latest guidance by the Apache Logging security team.\n2. When you upgrade to RHACS 3.68, roles that include write access on the Images resource will have write permissions for both VulnerabilityManagementRequests and VulnerabilityManagementApprovals resource. Red Hat recommends updating the roles to only include the least amount of resources required for each role.\n3. If you have installed RHACS using Helm, this update disabled the cluster configuration options in the {product-title-short} portal. You can continue to use Helm configuration files.\n4. RHACS 3.68 sends notifications for every runtime policy violation rather than sending notifications only the first encountered violation. This is the default behavior. \n5. Tags of the scanner, scanner-db, and collector images, including the collector-slim variant, are now identical to the main image tag. \n6. Red Has changed the image names for collector-slim. -slim is no longer part of the image tag. \n7. The roxctl CLI includes a new --image-defaults option for the roxctl helm output and roxctl central generate commands. It allows selecting the default registry from which container images are taken for deploying central and scanner.\n8. Red Hat has deprecated the --rhacs option for the roxctl helm output command. Use --rhacs-image-defaults option instead.\n9. By default, the roxctl helm output command now uses the images from registry.redhat.io rather than stackrox.io.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0431", "url": "https://access.redhat.com/errata/RHSA-2022:0431" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1992006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006" }, { "category": "external", "summary": "ROX-9334", "url": "https://issues.redhat.com/browse/ROX-9334" }, { "category": "external", "summary": "ROX-9362", "url": "https://issues.redhat.com/browse/ROX-9362" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0431.json" } ], "title": "Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.68 security and enhancement update", "tracking": { "current_release_date": "2024-12-08T13:53:31+00:00", "generator": { "date": "2024-12-08T13:53:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2022:0431", "initial_release_date": "2022-02-03T15:13:02+00:00", "revision_history": [ { "date": "2022-02-03T15:13:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-02-03T15:13:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T13:53:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHACS 3.68 for RHEL 8", "product": { "name": "RHACS 3.68 for RHEL 8", "product_id": "8Base-RHACS-3.68", "product_identification_helper": { "cpe": "cpe:/a:redhat:advanced_cluster_security:3.68::el8" } } } ], "category": "product_family", "name": "Red Hat Advanced Cluster Security for Kubernetes" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cd11379439dab7e64972824a5bae2e51e7c3d2a2b7e7a193813497709b71ec19_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cd11379439dab7e64972824a5bae2e51e7c3d2a2b7e7a193813497709b71ec19_amd64", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cd11379439dab7e64972824a5bae2e51e7c3d2a2b7e7a193813497709b71ec19_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-rhel8@sha256:cd11379439dab7e64972824a5bae2e51e7c3d2a2b7e7a193813497709b71ec19?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=3.68.0-6" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:3b56c2e9baf6cf5973ecf46e58d5911e124f690d0ecad4c82b8bffd347691a03_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:3b56c2e9baf6cf5973ecf46e58d5911e124f690d0ecad4c82b8bffd347691a03_amd64", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:3b56c2e9baf6cf5973ecf46e58d5911e124f690d0ecad4c82b8bffd347691a03_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:3b56c2e9baf6cf5973ecf46e58d5911e124f690d0ecad4c82b8bffd347691a03?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=3.68.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:1c890ec418d66ccf23fc32e5af34aaf12c1276b7268555d1cbe7bb0d07f84755_amd64", "product": { "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:1c890ec418d66ccf23fc32e5af34aaf12c1276b7268555d1cbe7bb0d07f84755_amd64", "product_id": "advanced-cluster-security/rhacs-docs-rhel8@sha256:1c890ec418d66ccf23fc32e5af34aaf12c1276b7268555d1cbe7bb0d07f84755_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-docs-rhel8@sha256:1c890ec418d66ccf23fc32e5af34aaf12c1276b7268555d1cbe7bb0d07f84755?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-docs-rhel8\u0026tag=3.68.0-5" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:ed3b8893f11372df168da1b222cc12f3dc76e165118737073de5f435659c78e6_amd64", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:ed3b8893f11372df168da1b222cc12f3dc76e165118737073de5f435659c78e6_amd64", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:ed3b8893f11372df168da1b222cc12f3dc76e165118737073de5f435659c78e6_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:ed3b8893f11372df168da1b222cc12f3dc76e165118737073de5f435659c78e6?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=3.68.0-28" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:1178a22943998e0a740d7f89d15244d4b1500376493fb84b652fe1ba998bf1d3_amd64", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:1178a22943998e0a740d7f89d15244d4b1500376493fb84b652fe1ba998bf1d3_amd64", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:1178a22943998e0a740d7f89d15244d4b1500376493fb84b652fe1ba998bf1d3_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:1178a22943998e0a740d7f89d15244d4b1500376493fb84b652fe1ba998bf1d3?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.68.0-8" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:8c054f058e80f1218f2b05d45fc876fd6a41bebe138f3eff696d2af6bdff64e2_amd64", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:8c054f058e80f1218f2b05d45fc876fd6a41bebe138f3eff696d2af6bdff64e2_amd64", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:8c054f058e80f1218f2b05d45fc876fd6a41bebe138f3eff696d2af6bdff64e2_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:8c054f058e80f1218f2b05d45fc876fd6a41bebe138f3eff696d2af6bdff64e2?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.68.0-5" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e09753e78c7854cbe976289127a6f150706cf4c959accd557b6dbf50b95edf8b_amd64", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e09753e78c7854cbe976289127a6f150706cf4c959accd557b6dbf50b95edf8b_amd64", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e09753e78c7854cbe976289127a6f150706cf4c959accd557b6dbf50b95edf8b_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:e09753e78c7854cbe976289127a6f150706cf4c959accd557b6dbf50b95edf8b?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=3.68.0-5" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:eca5c5e7bf69bc0d2771f290d7b8157126df0ceccf805cbfc8d48acb678f46e7_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:eca5c5e7bf69bc0d2771f290d7b8157126df0ceccf805cbfc8d48acb678f46e7_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:eca5c5e7bf69bc0d2771f290d7b8157126df0ceccf805cbfc8d48acb678f46e7_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:eca5c5e7bf69bc0d2771f290d7b8157126df0ceccf805cbfc8d48acb678f46e7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=3.68.0-6" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bec259b5478ff5bb220acb11887bc83bef35ac0ebb3f765683556174a159f5ad_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bec259b5478ff5bb220acb11887bc83bef35ac0ebb3f765683556174a159f5ad_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bec259b5478ff5bb220acb11887bc83bef35ac0ebb3f765683556174a159f5ad_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:bec259b5478ff5bb220acb11887bc83bef35ac0ebb3f765683556174a159f5ad?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=3.68.0-6" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cd11379439dab7e64972824a5bae2e51e7c3d2a2b7e7a193813497709b71ec19_amd64 as a component of RHACS 3.68 for RHEL 8", "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd11379439dab7e64972824a5bae2e51e7c3d2a2b7e7a193813497709b71ec19_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cd11379439dab7e64972824a5bae2e51e7c3d2a2b7e7a193813497709b71ec19_amd64", "relates_to_product_reference": "8Base-RHACS-3.68" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:3b56c2e9baf6cf5973ecf46e58d5911e124f690d0ecad4c82b8bffd347691a03_amd64 as a component of RHACS 3.68 for RHEL 8", "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:3b56c2e9baf6cf5973ecf46e58d5911e124f690d0ecad4c82b8bffd347691a03_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:3b56c2e9baf6cf5973ecf46e58d5911e124f690d0ecad4c82b8bffd347691a03_amd64", "relates_to_product_reference": "8Base-RHACS-3.68" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:1c890ec418d66ccf23fc32e5af34aaf12c1276b7268555d1cbe7bb0d07f84755_amd64 as a component of RHACS 3.68 for RHEL 8", "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-docs-rhel8@sha256:1c890ec418d66ccf23fc32e5af34aaf12c1276b7268555d1cbe7bb0d07f84755_amd64" }, "product_reference": "advanced-cluster-security/rhacs-docs-rhel8@sha256:1c890ec418d66ccf23fc32e5af34aaf12c1276b7268555d1cbe7bb0d07f84755_amd64", "relates_to_product_reference": "8Base-RHACS-3.68" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:ed3b8893f11372df168da1b222cc12f3dc76e165118737073de5f435659c78e6_amd64 as a component of RHACS 3.68 for RHEL 8", "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-main-rhel8@sha256:ed3b8893f11372df168da1b222cc12f3dc76e165118737073de5f435659c78e6_amd64" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:ed3b8893f11372df168da1b222cc12f3dc76e165118737073de5f435659c78e6_amd64", "relates_to_product_reference": "8Base-RHACS-3.68" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:1178a22943998e0a740d7f89d15244d4b1500376493fb84b652fe1ba998bf1d3_amd64 as a component of RHACS 3.68 for RHEL 8", "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-operator-bundle@sha256:1178a22943998e0a740d7f89d15244d4b1500376493fb84b652fe1ba998bf1d3_amd64" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:1178a22943998e0a740d7f89d15244d4b1500376493fb84b652fe1ba998bf1d3_amd64", "relates_to_product_reference": "8Base-RHACS-3.68" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:8c054f058e80f1218f2b05d45fc876fd6a41bebe138f3eff696d2af6bdff64e2_amd64 as a component of RHACS 3.68 for RHEL 8", "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-rhel8-operator@sha256:8c054f058e80f1218f2b05d45fc876fd6a41bebe138f3eff696d2af6bdff64e2_amd64" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:8c054f058e80f1218f2b05d45fc876fd6a41bebe138f3eff696d2af6bdff64e2_amd64", "relates_to_product_reference": "8Base-RHACS-3.68" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e09753e78c7854cbe976289127a6f150706cf4c959accd557b6dbf50b95edf8b_amd64 as a component of RHACS 3.68 for RHEL 8", "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e09753e78c7854cbe976289127a6f150706cf4c959accd557b6dbf50b95edf8b_amd64" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e09753e78c7854cbe976289127a6f150706cf4c959accd557b6dbf50b95edf8b_amd64", "relates_to_product_reference": "8Base-RHACS-3.68" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bec259b5478ff5bb220acb11887bc83bef35ac0ebb3f765683556174a159f5ad_amd64 as a component of RHACS 3.68 for RHEL 8", "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bec259b5478ff5bb220acb11887bc83bef35ac0ebb3f765683556174a159f5ad_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bec259b5478ff5bb220acb11887bc83bef35ac0ebb3f765683556174a159f5ad_amd64", "relates_to_product_reference": "8Base-RHACS-3.68" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:eca5c5e7bf69bc0d2771f290d7b8157126df0ceccf805cbfc8d48acb678f46e7_amd64 as a component of RHACS 3.68 for RHEL 8", "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-rhel8@sha256:eca5c5e7bf69bc0d2771f290d7b8157126df0ceccf805cbfc8d48acb678f46e7_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:eca5c5e7bf69bc0d2771f290d7b8157126df0ceccf805cbfc8d48acb678f46e7_amd64", "relates_to_product_reference": "8Base-RHACS-3.68" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-29923", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd11379439dab7e64972824a5bae2e51e7c3d2a2b7e7a193813497709b71ec19_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:3b56c2e9baf6cf5973ecf46e58d5911e124f690d0ecad4c82b8bffd347691a03_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-docs-rhel8@sha256:1c890ec418d66ccf23fc32e5af34aaf12c1276b7268555d1cbe7bb0d07f84755_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-main-rhel8@sha256:ed3b8893f11372df168da1b222cc12f3dc76e165118737073de5f435659c78e6_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-operator-bundle@sha256:1178a22943998e0a740d7f89d15244d4b1500376493fb84b652fe1ba998bf1d3_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-rhel8-operator@sha256:8c054f058e80f1218f2b05d45fc876fd6a41bebe138f3eff696d2af6bdff64e2_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e09753e78c7854cbe976289127a6f150706cf4c959accd557b6dbf50b95edf8b_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bec259b5478ff5bb220acb11887bc83bef35ac0ebb3f765683556174a159f5ad_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1992006" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-rhel8@sha256:eca5c5e7bf69bc0d2771f290d7b8157126df0ceccf805cbfc8d48acb678f46e7_amd64" ], "known_not_affected": [ "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd11379439dab7e64972824a5bae2e51e7c3d2a2b7e7a193813497709b71ec19_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:3b56c2e9baf6cf5973ecf46e58d5911e124f690d0ecad4c82b8bffd347691a03_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-docs-rhel8@sha256:1c890ec418d66ccf23fc32e5af34aaf12c1276b7268555d1cbe7bb0d07f84755_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-main-rhel8@sha256:ed3b8893f11372df168da1b222cc12f3dc76e165118737073de5f435659c78e6_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-operator-bundle@sha256:1178a22943998e0a740d7f89d15244d4b1500376493fb84b652fe1ba998bf1d3_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-rhel8-operator@sha256:8c054f058e80f1218f2b05d45fc876fd6a41bebe138f3eff696d2af6bdff64e2_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e09753e78c7854cbe976289127a6f150706cf4c959accd557b6dbf50b95edf8b_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bec259b5478ff5bb220acb11887bc83bef35ac0ebb3f765683556174a159f5ad_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-29923" }, { "category": "external", "summary": "RHBZ#1992006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29923" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923" }, { "category": "external", "summary": "https://sick.codes/sick-2021-016/", "url": "https://sick.codes/sick-2021-016/" } ], "release_date": "2021-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-02-03T15:13:02+00:00", "details": "To take advantage of the new features, bug fixes and security patches issued in 3.68 you are advised to upgrade to patch release 3.68.0.", "product_ids": [ "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-rhel8@sha256:eca5c5e7bf69bc0d2771f290d7b8157126df0ceccf805cbfc8d48acb678f46e7_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0431" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd11379439dab7e64972824a5bae2e51e7c3d2a2b7e7a193813497709b71ec19_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:3b56c2e9baf6cf5973ecf46e58d5911e124f690d0ecad4c82b8bffd347691a03_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-docs-rhel8@sha256:1c890ec418d66ccf23fc32e5af34aaf12c1276b7268555d1cbe7bb0d07f84755_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-main-rhel8@sha256:ed3b8893f11372df168da1b222cc12f3dc76e165118737073de5f435659c78e6_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-operator-bundle@sha256:1178a22943998e0a740d7f89d15244d4b1500376493fb84b652fe1ba998bf1d3_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-rhel8-operator@sha256:8c054f058e80f1218f2b05d45fc876fd6a41bebe138f3eff696d2af6bdff64e2_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e09753e78c7854cbe976289127a6f150706cf4c959accd557b6dbf50b95edf8b_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bec259b5478ff5bb220acb11887bc83bef35ac0ebb3f765683556174a159f5ad_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-rhel8@sha256:eca5c5e7bf69bc0d2771f290d7b8157126df0ceccf805cbfc8d48acb678f46e7_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-rhel8@sha256:cd11379439dab7e64972824a5bae2e51e7c3d2a2b7e7a193813497709b71ec19_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:3b56c2e9baf6cf5973ecf46e58d5911e124f690d0ecad4c82b8bffd347691a03_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-docs-rhel8@sha256:1c890ec418d66ccf23fc32e5af34aaf12c1276b7268555d1cbe7bb0d07f84755_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-main-rhel8@sha256:ed3b8893f11372df168da1b222cc12f3dc76e165118737073de5f435659c78e6_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-operator-bundle@sha256:1178a22943998e0a740d7f89d15244d4b1500376493fb84b652fe1ba998bf1d3_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-rhel8-operator@sha256:8c054f058e80f1218f2b05d45fc876fd6a41bebe138f3eff696d2af6bdff64e2_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e09753e78c7854cbe976289127a6f150706cf4c959accd557b6dbf50b95edf8b_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:bec259b5478ff5bb220acb11887bc83bef35ac0ebb3f765683556174a159f5ad_amd64", "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-rhel8@sha256:eca5c5e7bf69bc0d2771f290d7b8157126df0ceccf805cbfc8d48acb678f46e7_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.