csaf_redhat - rhsa-2022

rhsa-2022_5704

Vulnerability from csaf_redhat

Published

2022-07-25 22:09

Modified

2024-11-22 19:48

Summary

Red Hat Security Advisory: ACS 3.71 enhancement and security update

Notes

Topic

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Release of ACS 3.71 provides these changes: Security Fix(es): * go-tuf: No protection against rollback attacks for roles other than root (CVE-2022-29173) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. New Features: * New RHACS dashboard and widgets * New default policy for privilege escalation: detects if a deployment is running with a container that has allowPrivilegeEscalation set to true. This policy is enabled by default. The privilege escalation setting is enabled in Kubernetes pods by default. * New default policy for externally exposed service: detects if a deployment has any service that is externally exposed through any methods. The policy is disabled by default. * Ability to assign multiple RHACS roles to users and groups: Allows you to assign multiple roles using key-value pairs to a single user or group. * List of network policies in Deployment tab for violations: A new information section has been added to help resolve a "missing Kubernetes network policy" violation that lists all the Kubernetes network policies applicable to the namespace of the offending deployment. * Alpine 3.16 support for Scanner Enhancements: * Change to roxctl image scan behavior: The default value for the --include-snoozed option of the roxctl image scan command is set to false. If the --include-snoozed option is set to false, the scan does not include snoozed CVEs. * Diagnostic bundles update: These now include notifiers, auth providers and auth provider groups, access control roles with attached permission set and access scope, and system configuration information. Users with the DebugLogs permission can read listed entities from a generated diagnostic bundle regardless of their respective permissions. * Align OCP4-CIS scanning benchmarks control numbers: The CIS control number has been added to compliance scan results to enable customers to reference the original control from the CIS benchmark standard. Notable technical changes: * eBPF is now the default collection method: Updated the default collection method for Collector to eBPF. Deprecated features: * RenamePolicyCategory and DeletePolicyCategory API endpoints * Permissions: AuthPlugin, AuthProvider, Group, Licenses, Role, User, Indicator, NetworkBaseline, ProcessWhitelist, Risk, APIToken, BackupPlugins, ImageIntegration, Notifier, SignatureIntegration, ImageComponent * Retrieving groups by property * vulns fields of storage.Node object in response payload of v1/nodes * /v1/cves/suppress and /v1/cves/unsuppress Removed features: * Anchore, Tenable, and Docker Trusted Registry integrations * External authorization plug-in for scoped access control * FROM option in the Disallowed Dockerfile line policy field * PodSecurityPolicy (PSP) Kubernetes objects

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug fixes and feature improvements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Release of ACS 3.71 provides these changes:\n\nSecurity Fix(es):\n\n* go-tuf: No protection against rollback attacks for roles other than root (CVE-2022-29173)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nNew Features:\n\n* New RHACS dashboard and widgets\n* New default policy for privilege escalation: detects if a deployment is running with a container that has allowPrivilegeEscalation set to true. This policy is enabled by default. The privilege escalation setting is enabled in Kubernetes pods by default.\n* New default policy for externally exposed service: detects if a deployment has any service that is externally exposed through any methods. The policy is disabled by default. \n* Ability to assign multiple RHACS roles to users and groups: Allows you to assign multiple roles using key-value pairs to a single user or group. \n* List of network policies in Deployment tab for violations: A new information section has been added to help resolve a \"missing Kubernetes network policy\" violation that lists all the Kubernetes network policies applicable to the namespace of the offending deployment. \n* Alpine 3.16 support for Scanner\n\nEnhancements:\n* Change to roxctl image scan behavior: The default value for the --include-snoozed option of the roxctl image scan command is set to false. If the --include-snoozed option is set to false, the scan does not include snoozed CVEs.\n* Diagnostic bundles update: These now include notifiers, auth providers and auth provider groups, access control roles with attached permission set and access scope, and system configuration information. Users with the DebugLogs permission can read listed entities from a generated diagnostic bundle regardless of their respective permissions.\n* Align OCP4-CIS scanning benchmarks control numbers: The CIS control number has been added to compliance scan results to enable customers to reference the original control from the CIS benchmark standard.\n\nNotable technical changes:\n* eBPF is now the default collection method: Updated the default collection method for Collector to eBPF. \n\nDeprecated features:\n\n* RenamePolicyCategory and DeletePolicyCategory API endpoints\n* Permissions: AuthPlugin, AuthProvider, Group, Licenses, Role, User, Indicator, NetworkBaseline, ProcessWhitelist, Risk, APIToken, BackupPlugins, ImageIntegration, Notifier, SignatureIntegration, ImageComponent\n* Retrieving groups by property\n* vulns fields of storage.Node object in response payload of v1/nodes\n* /v1/cves/suppress and /v1/cves/unsuppress\n\nRemoved features:\n\n* Anchore, Tenable, and Docker Trusted Registry integrations\n* External authorization plug-in for scoped access control\n* FROM option in the Disallowed Dockerfile line policy field\n* PodSecurityPolicy (PSP) Kubernetes objects",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:5704",
        "url": "https://access.redhat.com/errata/RHSA-2022:5704"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2082400",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082400"
      },
      {
        "category": "external",
        "summary": "ROX-11898",
        "url": "https://issues.redhat.com/browse/ROX-11898"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5704.json"
      }
    ],
    "title": "Red Hat Security Advisory: ACS 3.71 enhancement and security update",
    "tracking": {
      "current_release_date": "2024-11-22T19:48:04+00:00",
      "generator": {
        "date": "2024-11-22T19:48:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2022:5704",
      "initial_release_date": "2022-07-25T22:09:12+00:00",
      "revision_history": [
        {
          "date": "2022-07-25T22:09:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-07-25T22:09:13+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T19:48:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHACS 3.71 for RHEL 8",
                "product": {
                  "name": "RHACS 3.71 for RHEL 8",
                  "product_id": "8Base-RHACS-3.71",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:advanced_cluster_security:3.71::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Cluster Security for Kubernetes"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7dae7101375d853f1e92abb2ea329aff92facd173aa2e59e55da90b69c0505ea_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7dae7101375d853f1e92abb2ea329aff92facd173aa2e59e55da90b69c0505ea_amd64",
                  "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7dae7101375d853f1e92abb2ea329aff92facd173aa2e59e55da90b69c0505ea_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-collector-rhel8@sha256:7dae7101375d853f1e92abb2ea329aff92facd173aa2e59e55da90b69c0505ea?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=3.71.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:5ca826d30594df2664e1ce750a3523e756cdfea2f1d3d0ff9e9eb6f4781ce075_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:5ca826d30594df2664e1ce750a3523e756cdfea2f1d3d0ff9e9eb6f4781ce075_amd64",
                  "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:5ca826d30594df2664e1ce750a3523e756cdfea2f1d3d0ff9e9eb6f4781ce075_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:5ca826d30594df2664e1ce750a3523e756cdfea2f1d3d0ff9e9eb6f4781ce075?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=3.71.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1_amd64",
                  "product_id": "advanced-cluster-security/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-docs-rhel8\u0026tag=3.71.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:08e9819d6dc2313821df014d2874aa0435b07f16231b97ac4cb610b529ca3aeb_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:08e9819d6dc2313821df014d2874aa0435b07f16231b97ac4cb610b529ca3aeb_amd64",
                  "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:08e9819d6dc2313821df014d2874aa0435b07f16231b97ac4cb610b529ca3aeb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-main-rhel8@sha256:08e9819d6dc2313821df014d2874aa0435b07f16231b97ac4cb610b529ca3aeb?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=3.71.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:e84cda106657d350068a5632fba8c2d858a19de109da9795a1d0b77e26c3b338_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:e84cda106657d350068a5632fba8c2d858a19de109da9795a1d0b77e26c3b338_amd64",
                  "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:e84cda106657d350068a5632fba8c2d858a19de109da9795a1d0b77e26c3b338_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-operator-bundle@sha256:e84cda106657d350068a5632fba8c2d858a19de109da9795a1d0b77e26c3b338?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.71.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca_amd64",
                  "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.71.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5dffeaa08c48336a8363e6f76cd1170591d18eaf53fb41ae43dc9fdd78a81f8c_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5dffeaa08c48336a8363e6f76cd1170591d18eaf53fb41ae43dc9fdd78a81f8c_amd64",
                  "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5dffeaa08c48336a8363e6f76cd1170591d18eaf53fb41ae43dc9fdd78a81f8c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:5dffeaa08c48336a8363e6f76cd1170591d18eaf53fb41ae43dc9fdd78a81f8c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=3.71.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ae823c0359aa1e3b6996555e75f8a807d24d72a68b18bb3f9de0dbd2be5b4001_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ae823c0359aa1e3b6996555e75f8a807d24d72a68b18bb3f9de0dbd2be5b4001_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ae823c0359aa1e3b6996555e75f8a807d24d72a68b18bb3f9de0dbd2be5b4001_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:ae823c0359aa1e3b6996555e75f8a807d24d72a68b18bb3f9de0dbd2be5b4001?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=3.71.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:706eb733801c1755d8a18c176119e3e95680427029110aa2e7c000dde16922fc_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:706eb733801c1755d8a18c176119e3e95680427029110aa2e7c000dde16922fc_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:706eb733801c1755d8a18c176119e3e95680427029110aa2e7c000dde16922fc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:706eb733801c1755d8a18c176119e3e95680427029110aa2e7c000dde16922fc?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=3.71.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8b2b996474530a4cf9a8269f3a1ccb944a9d898f842748a2c9d9e91a74f0454c_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8b2b996474530a4cf9a8269f3a1ccb944a9d898f842748a2c9d9e91a74f0454c_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8b2b996474530a4cf9a8269f3a1ccb944a9d898f842748a2c9d9e91a74f0454c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:8b2b996474530a4cf9a8269f3a1ccb944a9d898f842748a2c9d9e91a74f0454c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=3.71.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:fa5c69255d4d43a6d04455b310499bf736bc65ca53cc9c8f36e17e9e85f55124_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:fa5c69255d4d43a6d04455b310499bf736bc65ca53cc9c8f36e17e9e85f55124_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:fa5c69255d4d43a6d04455b310499bf736bc65ca53cc9c8f36e17e9e85f55124_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:fa5c69255d4d43a6d04455b310499bf736bc65ca53cc9c8f36e17e9e85f55124?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=3.71.0-5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7dae7101375d853f1e92abb2ea329aff92facd173aa2e59e55da90b69c0505ea_amd64 as a component of RHACS 3.71 for RHEL 8",
          "product_id": "8Base-RHACS-3.71:advanced-cluster-security/rhacs-collector-rhel8@sha256:7dae7101375d853f1e92abb2ea329aff92facd173aa2e59e55da90b69c0505ea_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7dae7101375d853f1e92abb2ea329aff92facd173aa2e59e55da90b69c0505ea_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.71"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:5ca826d30594df2664e1ce750a3523e756cdfea2f1d3d0ff9e9eb6f4781ce075_amd64 as a component of RHACS 3.71 for RHEL 8",
          "product_id": "8Base-RHACS-3.71:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:5ca826d30594df2664e1ce750a3523e756cdfea2f1d3d0ff9e9eb6f4781ce075_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:5ca826d30594df2664e1ce750a3523e756cdfea2f1d3d0ff9e9eb6f4781ce075_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.71"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1_amd64 as a component of RHACS 3.71 for RHEL 8",
          "product_id": "8Base-RHACS-3.71:advanced-cluster-security/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.71"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:08e9819d6dc2313821df014d2874aa0435b07f16231b97ac4cb610b529ca3aeb_amd64 as a component of RHACS 3.71 for RHEL 8",
          "product_id": "8Base-RHACS-3.71:advanced-cluster-security/rhacs-main-rhel8@sha256:08e9819d6dc2313821df014d2874aa0435b07f16231b97ac4cb610b529ca3aeb_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:08e9819d6dc2313821df014d2874aa0435b07f16231b97ac4cb610b529ca3aeb_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.71"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:e84cda106657d350068a5632fba8c2d858a19de109da9795a1d0b77e26c3b338_amd64 as a component of RHACS 3.71 for RHEL 8",
          "product_id": "8Base-RHACS-3.71:advanced-cluster-security/rhacs-operator-bundle@sha256:e84cda106657d350068a5632fba8c2d858a19de109da9795a1d0b77e26c3b338_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:e84cda106657d350068a5632fba8c2d858a19de109da9795a1d0b77e26c3b338_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.71"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca_amd64 as a component of RHACS 3.71 for RHEL 8",
          "product_id": "8Base-RHACS-3.71:advanced-cluster-security/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.71"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5dffeaa08c48336a8363e6f76cd1170591d18eaf53fb41ae43dc9fdd78a81f8c_amd64 as a component of RHACS 3.71 for RHEL 8",
          "product_id": "8Base-RHACS-3.71:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5dffeaa08c48336a8363e6f76cd1170591d18eaf53fb41ae43dc9fdd78a81f8c_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5dffeaa08c48336a8363e6f76cd1170591d18eaf53fb41ae43dc9fdd78a81f8c_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.71"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:706eb733801c1755d8a18c176119e3e95680427029110aa2e7c000dde16922fc_amd64 as a component of RHACS 3.71 for RHEL 8",
          "product_id": "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:706eb733801c1755d8a18c176119e3e95680427029110aa2e7c000dde16922fc_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:706eb733801c1755d8a18c176119e3e95680427029110aa2e7c000dde16922fc_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.71"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8b2b996474530a4cf9a8269f3a1ccb944a9d898f842748a2c9d9e91a74f0454c_amd64 as a component of RHACS 3.71 for RHEL 8",
          "product_id": "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8b2b996474530a4cf9a8269f3a1ccb944a9d898f842748a2c9d9e91a74f0454c_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8b2b996474530a4cf9a8269f3a1ccb944a9d898f842748a2c9d9e91a74f0454c_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.71"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ae823c0359aa1e3b6996555e75f8a807d24d72a68b18bb3f9de0dbd2be5b4001_amd64 as a component of RHACS 3.71 for RHEL 8",
          "product_id": "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ae823c0359aa1e3b6996555e75f8a807d24d72a68b18bb3f9de0dbd2be5b4001_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:ae823c0359aa1e3b6996555e75f8a807d24d72a68b18bb3f9de0dbd2be5b4001_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.71"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:fa5c69255d4d43a6d04455b310499bf736bc65ca53cc9c8f36e17e9e85f55124_amd64 as a component of RHACS 3.71 for RHEL 8",
          "product_id": "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:fa5c69255d4d43a6d04455b310499bf736bc65ca53cc9c8f36e17e9e85f55124_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:fa5c69255d4d43a6d04455b310499bf736bc65ca53cc9c8f36e17e9e85f55124_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.71"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-29173",
      "cwe": {
        "id": "CWE-354",
        "name": "Improper Validation of Integrity Check Value"
      },
      "discovery_date": "2022-05-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-collector-rhel8@sha256:7dae7101375d853f1e92abb2ea329aff92facd173aa2e59e55da90b69c0505ea_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:5ca826d30594df2664e1ce750a3523e756cdfea2f1d3d0ff9e9eb6f4781ce075_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-operator-bundle@sha256:e84cda106657d350068a5632fba8c2d858a19de109da9795a1d0b77e26c3b338_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:706eb733801c1755d8a18c176119e3e95680427029110aa2e7c000dde16922fc_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8b2b996474530a4cf9a8269f3a1ccb944a9d898f842748a2c9d9e91a74f0454c_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ae823c0359aa1e3b6996555e75f8a807d24d72a68b18bb3f9de0dbd2be5b4001_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:fa5c69255d4d43a6d04455b310499bf736bc65ca53cc9c8f36e17e9e85f55124_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2082400"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in go-tuf. This flaw allows an attacker to cause clients to install older software than the software the client previously knew to be available and may include software with known vulnerabilities.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "go-tuf: No protection against rollback attacks for roles other than root",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACS-3.71:advanced-cluster-security/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1_amd64",
          "8Base-RHACS-3.71:advanced-cluster-security/rhacs-main-rhel8@sha256:08e9819d6dc2313821df014d2874aa0435b07f16231b97ac4cb610b529ca3aeb_amd64",
          "8Base-RHACS-3.71:advanced-cluster-security/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca_amd64",
          "8Base-RHACS-3.71:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5dffeaa08c48336a8363e6f76cd1170591d18eaf53fb41ae43dc9fdd78a81f8c_amd64"
        ],
        "known_not_affected": [
          "8Base-RHACS-3.71:advanced-cluster-security/rhacs-collector-rhel8@sha256:7dae7101375d853f1e92abb2ea329aff92facd173aa2e59e55da90b69c0505ea_amd64",
          "8Base-RHACS-3.71:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:5ca826d30594df2664e1ce750a3523e756cdfea2f1d3d0ff9e9eb6f4781ce075_amd64",
          "8Base-RHACS-3.71:advanced-cluster-security/rhacs-operator-bundle@sha256:e84cda106657d350068a5632fba8c2d858a19de109da9795a1d0b77e26c3b338_amd64",
          "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:706eb733801c1755d8a18c176119e3e95680427029110aa2e7c000dde16922fc_amd64",
          "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:8b2b996474530a4cf9a8269f3a1ccb944a9d898f842748a2c9d9e91a74f0454c_amd64",
          "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-rhel8@sha256:ae823c0359aa1e3b6996555e75f8a807d24d72a68b18bb3f9de0dbd2be5b4001_amd64",
          "8Base-RHACS-3.71:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:fa5c69255d4d43a6d04455b310499bf736bc65ca53cc9c8f36e17e9e85f55124_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-29173"
        },
        {
          "category": "external",
          "summary": "RHBZ#2082400",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082400"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29173",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29173"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29173",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29173"
        },
        {
          "category": "external",
          "summary": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj",
          "url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
        }
      ],
      "release_date": "2022-05-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-07-25T22:09:12+00:00",
          "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 3.71 you are advised to upgrade to RHACS 3.71.0. For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-main-rhel8@sha256:08e9819d6dc2313821df014d2874aa0435b07f16231b97ac4cb610b529ca3aeb_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5dffeaa08c48336a8363e6f76cd1170591d18eaf53fb41ae43dc9fdd78a81f8c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5704"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-docs-rhel8@sha256:d9cd05afc5f922f7e3d7e121a8b5d33023c969c8e4ad33e4980dc024fe4aa4e1_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-main-rhel8@sha256:08e9819d6dc2313821df014d2874aa0435b07f16231b97ac4cb610b529ca3aeb_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-rhel8-operator@sha256:a24567c3e3e46fd73a31bf484857f677cc1df7744a20dbaa56cd3a1166100bca_amd64",
            "8Base-RHACS-3.71:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5dffeaa08c48336a8363e6f76cd1170591d18eaf53fb41ae43dc9fdd78a81f8c_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "go-tuf: No protection against rollback attacks for roles other than root"
    }
  ]
}

cve-2022-29173

Vulnerability from cvelistv5

Published

2022-05-05 22:30

Modified

2024-08-03 06:17

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading.

References

▼	URL	Tags
	https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj	x_refsource_CONFIRM
	https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

theupdateframework

go-tuf

Version: < 0.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:17:54.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "go-tuf",
          "vendor": "theupdateframework",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-354",
              "description": "CWE-354: Improper Validation of Integrity Check Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-05T22:30:12",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d"
        }
      ],
      "source": {
        "advisory": "GHSA-66x3-6cw3-v5gj",
        "discovery": "UNKNOWN"
      },
      "title": "No protection against rollback attacks in go-tuf",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-29173",
          "STATE": "PUBLIC",
          "TITLE": "No protection against rollback attacks in go-tuf"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "go-tuf",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "theupdateframework"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-354: Improper Validation of Integrity Check Value"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj",
              "refsource": "CONFIRM",
              "url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
            },
            {
              "name": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d",
              "refsource": "MISC",
              "url": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-66x3-6cw3-v5gj",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-29173",
    "datePublished": "2022-05-05T22:30:12",
    "dateReserved": "2022-04-13T00:00:00",
    "dateUpdated": "2024-08-03T06:17:54.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted