rhsa-2023_3905
Vulnerability from csaf_redhat
Published: 2023-06-28 15:42
Modified: 2024-12-10 17:53
Summary
Red Hat Security Advisory: Network observability 1.3.0 for Openshift
Notes
Topic
Network Observability 1.3.0 for OpenShift
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Network Observability 1.3.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent.
The operator provides dashboards and metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.
This update contains bug fixes.
Security Fix(es):
* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)
* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Document
Category: csaf_security_advisory (CSAF version 2.0)
Aggregate severity: Important (namespace https://access.redhat.com/security/updates/classification/)
Distribution: Copyright © Red Hat, Inc. All rights reserved. TLP: WHITE (https://www.first.org/tlp/)
Language: en
Publisher
Red Hat Product Security (vendor), namespace https://www.redhat.com
Contact: https://access.redhat.com/security/team/contact/
Issuing authority: Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.
References
* https://access.redhat.com/errata/RHSA-2023:3905 (self)
* https://access.redhat.com/security/updates/classification/#important
* 2196026: https://bugzilla.redhat.com/show_bug.cgi?id=2196026
* 2196027: https://bugzilla.redhat.com/show_bug.cgi?id=2196027
* 2196029: https://bugzilla.redhat.com/show_bug.cgi?id=2196029
* NETOBSERV-1003: https://issues.redhat.com/browse/NETOBSERV-1003
* NETOBSERV-1070: https://issues.redhat.com/browse/NETOBSERV-1070
* NETOBSERV-166: https://issues.redhat.com/browse/NETOBSERV-166
* NETOBSERV-391: https://issues.redhat.com/browse/NETOBSERV-391
* NETOBSERV-576: https://issues.redhat.com/browse/NETOBSERV-576
* NETOBSERV-765: https://issues.redhat.com/browse/NETOBSERV-765
* NETOBSERV-773: https://issues.redhat.com/browse/NETOBSERV-773
* NETOBSERV-776: https://issues.redhat.com/browse/NETOBSERV-776
* NETOBSERV-901: https://issues.redhat.com/browse/NETOBSERV-901
* NETOBSERV-934: https://issues.redhat.com/browse/NETOBSERV-934
* NETOBSERV-971: https://issues.redhat.com/browse/NETOBSERV-971
* NETOBSERV-972: https://issues.redhat.com/browse/NETOBSERV-972
* NETOBSERV-976: https://issues.redhat.com/browse/NETOBSERV-976
* NETOBSERV-981: https://issues.redhat.com/browse/NETOBSERV-981
* NETOBSERV-984: https://issues.redhat.com/browse/NETOBSERV-984
* Canonical URL: https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3905.json (self)
Tracking
ID: RHSA-2023:3905
Status: final
Version: 3
Initial release date: 2023-06-28T15:42:53+00:00
Current release date: 2024-12-10T17:53:32+00:00
Generator: Red Hat SDEngine 4.2.3 (2024-12-10T17:53:32+00:00)
Revision history:
* 1: 2023-06-28T15:42:53+00:00, Initial version
* 2: 2023-06-28T15:42:53+00:00, Last updated version
* 3: 2024-12-10T17:53:32+00:00, Last generated version
Product tree
Vendor: Red Hat
Product family: Network Observability
Product: NETOBSERV 1.3 for RHEL 9 (product ID 9Base-NETWORK-OBSERVABILITY-1.3.0, CPE cpe:/a:redhat:network_observ_optr:1.3.0::el9)
Architectures: arm64, s390x, amd64, ppc64le
Component images, each listed per architecture by sha256 digest as a default component of NETOBSERV 1.3 for RHEL 9 (repository registry.redhat.io):
* network-observability/network-observability-console-plugin-rhel9 (tag v1.3.0-53)
* network-observability/network-observability-ebpf-agent-rhel9 (tag v1.3.0-53)
* network-observability/network-observability-flowlogs-pipeline-rhel9 (tag v1.3.0-53)
* network-observability/network-observability-operator-bundle (tag 1.3.0-70)
* network-observability/network-observability-rhel9-operator (tag v1.3.0-53)
"9Base-NETWORK-OBSERVABILITY-1.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x as a component of NETOBSERV 1.3 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64 as a component of NETOBSERV 1.3 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.3.0" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Juho Nurminen" ], "organization": "Mattermost" } ], "cve": "CVE-2023-24539", "cwe": { "id": "CWE-176", "name": "Improper Handling of Unicode Encoding" }, "discovery_date": "2023-05-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2196026" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a \u0027/\u0027 character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if executed with untrusted input.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: improper sanitization of CSS values", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OpenShift OAuth authentication. 
This restricts access to the vulnerable golang html/templates to authenticated users only, therefore, the impact is low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ], "known_not_affected": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24539" }, { "category": "external", "summary": "RHBZ#2196026", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196026" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24539", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539" }, { "category": "external", "summary": "https://github.com/golang/go/issues/59720", "url": "https://github.com/golang/go/issues/59720" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU" } ], "release_date": "2023-04-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-28T15:42:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3905" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: improper sanitization of CSS values" }, { "acknowledgments": [ { "names": [ "Juho Nurminen" ], "organization": "Mattermost" } ], "cve": "CVE-2023-24540", "cwe": { "id": "CWE-176", "name": "Improper Handling of Unicode Encoding" }, "discovery_date": "2023-05-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2196027" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang, where not all valid JavaScript white-space characters 
were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: improper handling of JavaScript whitespace", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Enterprise Linux,\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore, the impact is low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ], "known_not_affected": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24540" }, { "category": "external", "summary": "RHBZ#2196027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24540", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540" }, { "category": "external", "summary": "https://go.dev/issue/59721", "url": "https://go.dev/issue/59721" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU" } ], "release_date": "2023-04-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2023-06-28T15:42:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3905" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: html/template: improper handling of JavaScript whitespace" }, { "acknowledgments": [ { "names": [ "Juho Nurminen" ], "organization": "Mattermost" } ], "cve": "CVE-2023-29400", "cwe": { "id": "CWE-176", "name": "Improper Handling of Unicode Encoding" }, "discovery_date": "2023-05-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2196029" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: improper handling of empty HTML attributes", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn OpenShift Container Platform and Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OAuth authentication. 
This restricts access to the vulnerable golang html/templates to authenticated users, reducing the impact to low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ], "known_not_affected": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-29400" }, { "category": "external", "summary": "RHBZ#2196029", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196029" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29400", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400" }, { "category": "external", "summary": "https://go.dev/issue/59722", "url": "https://go.dev/issue/59722" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU" } ], "release_date": "2023-04-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-28T15:42:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3905" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:37a3f439c5a55366727163512a1eccbb7962dbc086d8a79287b7476207d212dc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:da2ef6762243a73fbb67cf3b5d70194e69c1d10bcac02e59caedea03061e4577_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:df7740057c2c606ba8480ea52bd633f20959a458d533a9a3210c4a13e475ca21_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-console-plugin-rhel9@sha256:f3ecfcc041d2c01287f437125df492a7781f9094850513170ebcd54c94737103_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:47801e613c40d0a07f22d3aea6f95708f512acbf09e4c30b683dba7dfea53e9f_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:589f15ee6f2d80e7d4e9e28fc63ca7e5d56f5a388634ce276dc57f4e27a0a89b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:7e340285995d87c203cf9125dba0ec9c6fbce7eca90e9979e1f81611eae0f736_s390x", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d40cf50e30d0f475dad272520f332ee437b35b6ca4b786513e73a930e3a88eab_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:23e28210806e49df576c16d1e599e8a0ed5dea19154f1c5baf9add9fa2d2833c_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:bacfb687cad8a421e7d1c6743c16ce1296af9bee1a845d7cf337deba3df809da_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c096d0c061cc92ec7db12111cd95117960c970a10043a4c77b0c0506a23f2d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:c45986d378f644b5824b03c29ce6033de81219603446121fee0833e5158a702e_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:22a408f5b24c1ca916a80f15cfe3cb9059a3dc5677d297c7386c00cb751be487_arm64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:5dbc838683ee0b38a6aa6829ef98d64dcff1be89f58ac2a57ed5dce03ed3713b_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:80788b01b0a853ca8dde3b7351f5af8b7622453616f2ee4a4cb064f65bebaa60_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-operator-bundle@sha256:b03f4e88ab1fed4744356a584d673fb2fdb15de7e1de7786bdd222b853690670_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:38b57c0ea502708bdc49fb47fb9c50bbc93ddb22b941160e4a1cac0f2afc6856_amd64", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:414cd50dc5e204226eb32b21da876aad3edba2c7b5a8a935e8e275773e63d56a_ppc64le", 
"9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:4c485468c25f82c49c68b4b7a489c636f834b09f0c52debfd6311a54b0366505_s390x", "9Base-NETWORK-OBSERVABILITY-1.3.0:network-observability/network-observability-rhel9-operator@sha256:a06a3a4a5604d0e2bad7eaa63b98a12acc86ddbb2e9cbf3470fd5157a02f7bf1_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: improper handling of empty HTML attributes" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.